Resolve "The certificate retrieved from the master does not match the agent's private key"

Home > Search
  by

This error appears when running the puppet agent -t command on a Puppet Agent. In this example, let's say the hostname of the Puppet Agent is host1.

[john.doe@server1 ~]# puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerated a certificate.
On the master:
  puppet cert clean host1
On the agent:
  1a. On most platforms: find /home/john.doe/.puppetlabs/etc/puppet/ssl -name host1.pem -delete
  1b. On Windows: del "\home\john.doe\.puppetlabs\etc\puppet\ssl\certs\host1.pem" /f
  2. puppet agent -t

Exiting; failed to retrieve certificate and waitforcert is disabled

 

On the Puppet Master, the certificate are located at /etc/puppetlabs/puppet/ssl/ca/signed/example.pem and /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove these two certificates from the Puppet Master.

[john.doe@server1 ~]# puppet cert clean host1
Notice: Removing file Puppet::SSL:Certificate host1 at '/etc/puppetlabs/puppet/ssl/ca/signed/example.pem'
Notice: Removing file Puppet::SSL::Certificate host1 at '/etc/puppetlabs/puppet/ssl/certs/example.pem'

 

On the Puppet Agent, the certificate is located at /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove this certificate.

[john.doe@server1 ~]#  sudo rm /etc/puppetlabs/puppet/ssl/certs/host1.pem

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments