This error appears when running the puppet agent -t command on a Puppet Agent. In this example, let's say the hostname of the Puppet Agent is host1.
[john.doe@server1 ~]# puppet agent -t Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6:A1:B2:C3:D4:E5:F6: To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerated a certificate. On the master: puppet cert clean host1 On the agent: 1a. On most platforms: find /home/john.doe/.puppetlabs/etc/puppet/ssl -name host1.pem -delete 1b. On Windows: del "\home\john.doe\.puppetlabs\etc\puppet\ssl\certs\host1.pem" /f 2. puppet agent -t Exiting; failed to retrieve certificate and waitforcert is disabled
On the Puppet Master, the certificate are located at /etc/puppetlabs/puppet/ssl/ca/signed/example.pem and /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove these two certificates from the Puppet Master.
[john.doe@server1 ~]# puppet cert clean host1 Notice: Removing file Puppet::SSL:Certificate host1 at '/etc/puppetlabs/puppet/ssl/ca/signed/example.pem' Notice: Removing file Puppet::SSL::Certificate host1 at '/etc/puppetlabs/puppet/ssl/certs/example.pem'
On the Puppet Agent, the certificate is located at /etc/puppetlabs/puppet/ssl/certs/example.pem. Remove this certificate.
[john.doe@server1 ~]# sudo rm /etc/puppetlabs/puppet/ssl/certs/host1.pem