Felix Frank
2014-May-05 14:07 UTC
Re: [Puppet Users] "The certificate retrieved from the master does not match the agent's private key." The master and agent in this case are on the same machine.
Hi, first off, because your post is really, really confusing: Is this the agent running on the master machine? Or are other agents afflicted as well? On 05/05/2014 04:04 PM, Dan Pasacrita wrote:> So for whatever reason I've been seeing this error. I'll usually see it > when doing puppet commands like "puppet agent -t" or "puppet cert clean > [Agent Hostname]". > > Error: Could not request certificate: The certificate retrieved from the > master does not match the agent's private key. > Certificate fingerprint: > 7D:79:1E:C9:61:0B:96:18:DE:FE:9A:82:99:69:83:63:76:66:BA:5E:C7:8E:5F:BF:C5:37:4D:C1:07:36:4A:29 > To fix this, remove the certificate from both the master and the agent > and then start a puppet run, which will automatically regenerate a > certficate. > On the master: > puppet cert clean [Master Hostname] > On the agent: > rm -f /home/dpasacrita/.puppet/ssl/certs/[Master Hostname].pem > puppet agent -t > > Okay so I notice here that it tells me how to fix the issue, it normally > wouldn't be that big an issue I bet. But here, as you can see, the > Master's certificate doesn't match its own private key. I'm not sure > what caused this, but I think it might have been me stupidly changing > the mode of the Master's home folder to 777. I don't even remember why I > did that, but I've since fixed that. I don't really know how to proceed > here though, since I can't run puppet cert clean [Master Hostname] > without getting this error, and I'm worried about removing the file it > tells me to because I know I can't run puppet agent -t on the master > right now and I'm worried I'll be worse off if I mess with it. What can > I do here?-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/53679B23.6050402%40alumni.tu-berlin.de. For more options, visit https://groups.google.com/d/optout.