This error appears when running the puppet agent -t command on a Puppet Agent. In this example, let's say the hostname of the Puppet Agent is host1.

[john.doe@server1 ~]# puppet agent -t
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerated a certificate.
On the master:
  puppet cert clean host1
On the agent:
  1a. On most platforms: find /home/john.doe/.puppetlabs/etc/puppet/ssl -name host1.pem -delete
  1b. On Windows: del "\home\john.doe\.puppetlabs\etc\puppet\ssl\certs\host1.pem" /f
  2. puppet agent -t

Exiting; failed to retrieve certificate and waitforcert is disabled

On the Puppet Master, the certificate are located at /etc/puppetlabs/puppet/ssl/ca/signed/example.pem and /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove these two certificates from the Puppet Master.

[john.doe@server1 ~]# puppet cert clean host1
Notice: Removing file Puppet::SSL:Certificate host1 at '/etc/puppetlabs/puppet/ssl/ca/signed/example.pem'
Notice: Removing file Puppet::SSL::Certificate host1 at '/etc/puppetlabs/puppet/ssl/certs/example.pem'

On the Puppet Agent, the certificate is located at /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove this certificate.

[john.doe@server1 ~]#  sudo rm /etc/puppetlabs/puppet/ssl/certs/host1.pem