Hi Everyone,

Apologies for covering old ground. I've been reading through previous
posts and issues regarding this, but I'm unclear what the current
resolution / situation is regarding this:

Essentially my issue is that I have "allow_duplicate_certs = true" set
on my puppet master, however, new clients with the same hostname as
old clients still get a cert error when attempting to register with
the CA:

I'm running Amazon Linux with puppet-server-2.7.11-2.el6.noarch on the
master; when the client server is initially created, it is running
puppet-2.6.6-3.2.amzn1.x86_64.  The following error is seen:

err: Could not request certificate: Retrieved certificate does not
match private key; please remove certificate from server and
regenerate it with the current key

If I manually upgrade the client to puppet-2.7.11-2.el6.noarch and
attempt to connect to the master again, I get a more informative error:

err: Could not request certificate: The certificate retrieved from the
master does not match the agent's private key.
Certificate fingerprint: XXXX
To fix this, remove the certificate from both the master and the agent
and then start a puppet run, which will automatically regenerate a
certficate.
On the master:
  puppet cert clean <hostname>
On the agent:
  rm -f /var/lib/puppet/ssl/certs/<hostname>
  puppet agent -t

Thanks in advance.

Regards

Tom
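
The mismatch both error messages describe can be confirmed offline by comparing the public key inside a certificate with the one derived from a private key. The script below is an added example, not part of the original post or of Puppet's code; the hostname and file names are constructed, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: check whether a certificate belongs to a given private key.
# All files are throwaway and constructed for the demo; nothing under
# /var/lib/puppet/ssl is read or modified.

# Print the PEM public key embedded in a certificate.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Print the PEM public key derived from a private key.
key_pubkey() { openssl pkey -in "$1" -pubout; }

# Return 0 if the certificate was issued for this private key,
# 1 if the keys differ, 2 if either file cannot be parsed.
cert_matches_key() {
    c=$(cert_pubkey "$1" 2>/dev/null) || return 2
    k=$(key_pubkey "$2" 2>/dev/null) || return 2
    [ "$c" = "$k" ]
}

# Build the situation from the post in directory $1:
#   old.key    - key of the original client
#   cached.crt - certificate issued for that key (self-signed here for brevity)
#   new.key    - fresh key generated by a rebuilt client with the same hostname
make_demo() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=client01.example.test" \
        -keyout "$1/old.key" -out "$1/cached.crt" 2>/dev/null
    openssl genrsa -out "$1/new.key" 2048 2>/dev/null
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
for key in old.key new.key; do
    if cert_matches_key "$demo_dir/cached.crt" "$demo_dir/$key"; then
        echo "$key: certificate matches private key"
    else
        echo "$key: certificate does NOT match private key"
    fi
done
rm -rf "$demo_dir"
```

Only the original key matches; the rebuilt client's new key does not, so the certificate still held for that hostname has to be cleaned before a new one can be issued.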
