Actually you only need to rm puppet/ssl/certs/client_name.pem It's a bug in the 25 client that caches the signed certificate received from the server, even if it doesn't match it's own key.
Silviu On 04.12.2009 18:45, Allan Marcus wrote: > ug. I figured it out. > > Need to clean the cert on the server, then need to rm /etc/puppet/ssl > again, then it works. > > --- > Thanks, > > Allan Marcus > 505-667-5666 > > > > On Dec 4, 2009, at 9:32 AM, Allan Marcus wrote: > > >> I have 0.25.1 on client and server. >> Everything is working fine. >> I delete the /etc/puppet/ssl dir to simulate a machine rebuild >> I run puppetd on the client and I get: >> >> debug: Using cached certificate for ca >> debug: Using cached certificate for h09353by20h.lanl.gov >> err: Could not request certificate: Retrieved certificate does not >> match private key; please remove certificate from server and >> regenerate it with the current key >> Exiting; failed to retrieve certificate and watiforcert is disabled >> >> I've done a puppetca --clean h09353by20h.lanl.gov on the server, but I >> still get this message. >> >> Is there a cached server cert on the client I should be deleting? I >> need to resolve this error as we are seeing it on more and more >> machines. >> >> >> --- >> Thanks, >> >> Allan Marcus >> 505-667-5666 >> >> >> >> -- >> >> You received this message because you are subscribed to the Google >> Groups "Puppet Users" group. >> To post to this group, send email to puppet-us...@googlegroups.com. >> To unsubscribe from this group, send email to >> puppet-users+unsubscr...@googlegroups.com >> . >> For more options, visit this group at >> http://groups.google.com/group/puppet-users?hl=en >> . >> >> >> > -- > > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To post to this group, send email to puppet-us...@googlegroups.com. > To unsubscribe from this group, send email to > puppet-users+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/puppet-users?hl=en. > > > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
