Hi Everyone, Apologies for covering old ground, I''ve been reading through previous posts and issues regarding this but I''m unclear what the current resolution / situation is regarding this: Essentially my issue is that I have "allow_duplicate_certs = true" set on my puppet master, however, new clients with the same hostname as old clients still get a cert error when attempting to register with the CA: I''m running Amazon Linux with puppet-server-2.7.11-2.el6.noarch on the master, when the client server is initially created it is running puppet-2.6.6-3.2.amzn1.x86_64. The following error is seen: err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key If I manually upgrade the client to puppet-2.7.11-2.el6.noarch and attempt to connect to the master again I get a more informative error err: Could not request certificate: The certificate retrieved from the master does not match the agent''s private key. Certificate fingerprint: XXXX To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean <hostname> On the agent: rm -f /var/lib/puppet/ssl/certs/<hostname> puppet agent -t Thanks in advance. Regards Tom -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.