FAQ
Hi,

I have installed puppet master and puppet agent in two redhat linux
machines.
After that, I have updated server details in agent machine /etc/hosts file.
While executing the ping servername in agent machine, I am getting below
response.
=========
[root@ip-10-244-162-253 files]# ping puppet
PING server.puppet.com (10.203.34.103) 56(84) bytes of data.
64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61
time=0.723 ms
64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61
time=0.570 ms
64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61
time=0.617 ms
==========
Then While executing one of the below commands
"puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose
--test"
I am getting an error message like below

*err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key*

I tried after cleaning certificates in both the machines by using "puppetca
--clean --all" also, same error I am getting.

Can any one provide a way to come out of this issue.

With Regards,
Krishna Bhaskara Rao.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m5485BQZLKsJ.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

Search Discussions

  • Jakov Sosic at Dec 19, 2012 at 9:44 pm

    On 11/28/2012 02:53 PM, krishna bhaskara rao wrote:

    I tried after cleaning certificates in both the machines by using
    "puppetca --clean --all" also, same error I am getting.

    Can any one provide a way to come out of this issue.
    Try to sync time on your machines (ntpdate <some_ntp_server>) . Maybe
    that's your issue.




    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Mehmet Tecer at Dec 20, 2012 at 4:12 pm
    Krishna,

    Here is how I quickly resolve this issue.

    1- Stop puppet on client.

    2- Delete the cert on the server

    3- Delete /var/lib/puppet directory on client.

    4- Start puppet on client.

    This should take care of your cert issue.
    --Mehmet

    On Wednesday, November 28, 2012 8:53:02 AM UTC-5, krishna bhaskara rao
    wrote:
    Hi,

    I have installed puppet master and puppet agent in two redhat linux
    machines.
    After that, I have updated server details in agent machine /etc/hosts file.
    While executing the ping servername in agent machine, I am getting below
    response.
    =========
    [root@ip-10-244-162-253 files]# ping puppet
    PING server.puppet.com (10.203.34.103) 56(84) bytes of data.
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61
    time=0.723 ms
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61
    time=0.570 ms
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61
    time=0.617 ms
    ==========
    Then While executing one of the below commands
    "puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose
    --test"
    I am getting an error message like below

    *err: Could not request certificate: Retrieved certificate does not match
    private key; please remove certificate from server and regenerate it with
    the current key*

    I tried after cleaning certificates in both the machines by using
    "puppetca --clean --all" also, same error I am getting.

    Can any one provide a way to come out of this issue.

    With Regards,
    Krishna Bhaskara Rao.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/918XOlLVMLMJ.
    To post to this group, send email to puppet-users@googlegroups.com.
    To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
    For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
  • Jeff Silverman at May 29, 2013 at 6:43 pm
    How do you delete the cert on the server? I've tried several approaches,
    and none of them seem to work.

    rm /var/lib/puppet/ssl/ca/signed/centos-6-4.commercialventvac.com.pem


    failed.


    puppetca –clean centos-6-4.commercialventvac.com.pem


    Required that I install puppet-common which I did and that still failed.



    Thank you


    Jeff



    On Thursday, December 20, 2012 7:34:23 AM UTC-8, Mehmet Tecer wrote:

    Krishna,

    Here is how I quickly resolve this issue.

    1- Stop puppet on client.

    2- Delete the cert on the server

    3- Delete /var/lib/puppet directory on client.

    4- Start puppet on client.

    This should take care of your cert issue.
    --Mehmet

    On Wednesday, November 28, 2012 8:53:02 AM UTC-5, krishna bhaskara rao
    wrote:
    Hi,

    I have installed puppet master and puppet agent in two redhat linux
    machines.
    After that, I have updated server details in agent machine /etc/hosts
    file.
    While executing the ping servername in agent machine, I am getting below
    response.
    =========
    [root@ip-10-244-162-253 files]# ping puppet
    PING server.puppet.com (10.203.34.103) 56(84) bytes of data.
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61
    time=0.723 ms
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61
    time=0.570 ms
    64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61
    time=0.617 ms
    ==========
    Then While executing one of the below commands
    "puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose
    --test"
    I am getting an error message like below

    *err: Could not request certificate: Retrieved certificate does not
    match private key; please remove certificate from server and regenerate it
    with the current key*

    I tried after cleaning certificates in both the machines by using
    "puppetca --clean --all" also, same error I am getting.

    Can any one provide a way to come out of this issue.

    With Regards,
    Krishna Bhaskara Rao.
    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Jeff Silverman at May 29, 2013 at 7:51 pm
    I see my mistake. On the client, I should have deleted /var/lib/puppet/
    instead of /var/lib/puppet/ssl. Deleting /var/lib/puppet/ cleared the
    issue. Also, the command
    puppetca --clean cert CLIENT
    is outdated. The new command is
    puppet cert clean CLIENT_FQDN

    where CLIENT_FQDN is the client's fully qualified domain name, e.g.
    centos-6-4.commercialventvac.com






    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users?hl=en.
    For more options, visit https://groups.google.com/groups/opt_out.
  • Thinkwell at Sep 21, 2013 at 12:53 am
    Sorry to resurrect an old thread, but this one did it for me. I always
    cleaned the master and deleted the /var/lib/puppet/ssl directory on the
    client when I had cert errors but that was not doing the trick. Came across
    this thread and blew away the /var/lib/puppet/ directory instead and VOILA!

    On Wednesday, May 29, 2013 3:51:29 PM UTC-4, Jeff Silverman wrote:

    I see my mistake. On the client, I should have deleted /var/lib/puppet/
    instead of /var/lib/puppet/ssl. Deleting /var/lib/puppet/ cleared the
    issue.





    --
    You received this message because you are subscribed to the Google Groups "Puppet Users" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
    To post to this group, send email to puppet-users@googlegroups.com.
    Visit this group at http://groups.google.com/group/puppet-users.
    For more options, visit https://groups.google.com/groups/opt_out.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouppuppet-users @
categoriespuppet
postedNov 28, '12 at 2:49p
activeSep 21, '13 at 12:53a
posts6
users5
websitepuppetlabs.com

People

Translate

site design / logo © 2022 Grokbase