Puppet: Retrieved certificate does not match private key

While working with puppet recently I came across the following error message on one of the client machines.

err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled

The problem here is that the SSL certificate for the client no longer matches the private key on the client. This can be due to rebuilding the client machine or switching the puppet master for the client back and forth.

The solution for this problem is to clean up all the client SSL stuff related to puppet. You need to access the ssl directory for puppet. This directory is /var/lib/puppet/ssl.

Remove the SSL file from puppet-client

Firstly, cd into the above-mentioned directory and remove all the files present in the sub directories within that directory.

Remove the client SSL from puppet-master

Then on the puppet master server remove/revoke the client’s SSL certificate.

This can be done using:

# puppetca --clean HOSTNAME

where,

    You will have to replace HOSTNAME with the client server's hostname.

In my case the above command was:

# puppetca --clean puppet-client.com

You can also remove/revoke the SSL certificate for the client on the puppet master by accessing the puppet SSL directory on the puppet master.

On puppet master, you will have to remove the pem file present under /var/lib/puppet/ssl/ca/signed. The file name will be HOSTNAME.pem.

In my case it was /var/lib/puppet/ssl/ca/signed/puppet-client.com.pem

Test and Start puppet on puppet client

Once you have done the above, test the puppet client on the client server.

# puppetd --test

Or

# puppetd -t

This should re-generate the SSL certificates for the puppet client server and share them with the puppet master server.
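
An added example, not part of the original post: a small shell check that compares the public key inside the client's certificate with the public key derived from its private key, which is the condition the error message reports. It can be run on the client before the cleanup to confirm the mismatch and again after the test run to confirm the new pair agrees. The certs/ and private_keys/ sub directory names and both function names are assumptions, based on the usual layout of the puppet ssl directory.

```shell
#!/bin/sh
# Added example (not from the original post): check that a certificate and a
# private key belong together by comparing the public key found in each.

# cert_matches_key CERT_PEM KEY_PEM
# returns 0 = same public key, 1 = mismatch, 2 = file unreadable or not parseable
cert_matches_key() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM form.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_puppet_client HOSTNAME [SSLDIR]
# Assumption: the client keeps its certificate in SSLDIR/certs/HOSTNAME.pem and
# its key in SSLDIR/private_keys/HOSTNAME.pem (SSLDIR is /var/lib/puppet/ssl
# in the post).
check_puppet_client() {
    host=$1
    ssldir=${2:-/var/lib/puppet/ssl}
    rc=0
    cert_matches_key "$ssldir/certs/$host.pem" \
                     "$ssldir/private_keys/$host.pem" || rc=$?
    case $rc in
        0) echo "$host: certificate matches private key" ;;
        1) echo "$host: certificate does NOT match private key" ;;
        *) echo "$host: certificate or key missing or unreadable" ;;
    esac
    return $rc
}

# Example call on the client, run as root:
#   check_puppet_client puppet-client.com
```

A return status of 1 means the certificate stored on the client was issued for a different key, so the cleanup on both client and master described above is needed.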
