On Jun 27, 2010, at 12:50 PM, Douglas Garstang wrote: > On Sun, Jun 27, 2010 at 12:47 PM, Douglas Garstang > <doug.garst...@gmail.com> wrote: >> On Sun, Jun 27, 2010 at 12:34 PM, Douglas Garstang >> <doug.garst...@gmail.com> wrote: >>> Here we go with puppet 0.25 certificate problems again. >>> >>> I had a system where puppet was running fine. I reinstalled it. >>> Running puppet on the client causes this: >>> >>> "Could not request certificate: Retrieved certificate does not match >>> private key; please remove certificate from server and regenerate it >>> with the current key". >>> >>> Fine... so I run 'puppetca --clean kick01.fr.xxx.com' on the server, >>> who responds with: >>> >>> [r...@inst01 puppet]# puppetca --clean kick01.fr.xxx.com >>> kick01.fr.xxx.com >>> notice: Removing file Puppet::SSL::Certificate kick01.fr.xxx.com at >>> '/var/lib/puppet/ssl/ca/signed/kick01.fr.xxx.com.pem' >>> >>> I then rerun puppet on the client and I am getting the same error. I >>> must have done this hundreds of times with 0.24.8. What am I doing >>> wrong now? >>> >>> Doug. >>> >> >> *sigh* >> >> On the client, I removed the puppet rpm, blew away /var/lib/puppet, >> and reinstalled the puppet rpm again. Started puppet, it requested a >> certificate (but it logged nothing on the client about it, even in >> debug mode), signed it on the server, and I am still getting this on >> the client. >> >> warning: peer certificate won't be verified in this SSL session >> info: Caching certificate for kick01.fr.xxx.com >> err: Could not request certificate: Retrieved certificate does not >> match private key; please remove certificate from server and >> regenerate it with the current key >> >> *sigh* >> > > Puppet is on crack. Even when the server isn't running, I STILL get this > error!
I think I know what the problem is. I ran into this exact error message before. Try this: Step 1, run this on client: service puppet stop rm -R /var/lib/puppet Step 2, run this on server: puppetca --clean kick01.fr.xxx.com #Make sure to change this back Step 3, run this on client: #Restart the client how ever you like. I recommend this for testing: puppetd --test --verbose --debug I'm pretty sure this will work. If it does, I'll by happy to explain why you got all those different error messages. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
