I have 0.25.1 on client and server.
Everything is working fine.
I delete the /etc/puppet/ssl dir to simulate a machine rebuild.
I run puppetd on the client and I get:

debug: Using cached certificate for ca
debug: Using cached certificate for h09353by20h.lanl.gov
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and watiforcert is disabled

I've done a puppetca --clean h09353by20h.lanl.gov on the server, but I still get this message.

Is there a cached server cert on the client I should be deleting? I need to resolve this error as we are seeing it on more and more machines.

---
Thanks,

Allan Marcus
505-667-5666

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

ug. I figured it out.

Need to clean the cert on the server, then need to rm /etc/puppet/ssl again, then it works.

---
Thanks,

Allan Marcus
505-667-5666

On Dec 4, 2009, at 9:32 AM, Allan Marcus wrote:
> I have 0.25.1 on client and server.
> Everything is working fine.
> I delete the /etc/puppet/ssl dir to simulate a machine rebuild.
> I run puppetd on the client and I get:
>
> debug: Using cached certificate for ca
> debug: Using cached certificate for h09353by20h.lanl.gov
> err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
> Exiting; failed to retrieve certificate and watiforcert is disabled
>
> I've done a puppetca --clean h09353by20h.lanl.gov on the server, but I still get this message.
>
> Is there a cached server cert on the client I should be deleting? I need to resolve this error as we are seeing it on more and more machines.

Actually you only need to rm puppet/ssl/certs/client_name.pem

It's a bug in the 25 client that caches the signed certificate received from the server, even if it doesn't match its own key.

Silviu

On 04.12.2009 18:45, Allan Marcus wrote:
> ug. I figured it out.
>
> Need to clean the cert on the server, then need to rm /etc/puppet/ssl again, then it works.

awesome! That works.

---
Thanks,

Allan Marcus
505-667-5666

On Dec 4, 2009, at 10:12 AM, Silviu Paragina wrote:
> Actually you only need to rm puppet/ssl/certs/client_name.pem
>
> It's a bug in the 25 client that caches the signed certificate received from the server, even if it doesn't match its own key.
>
> Silviu
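
Added example (not part of the original thread, and not Puppet's own code): a shell check for the condition Silviu describes, a cached signed certificate that does not match the agent's current private key, so that only certs/<name>.pem has to be removed. The private_keys/ path, the function names and the sample host name are assumptions; the sample ssldir is constructed with a self-signed certificate standing in for the CA-signed one.

```shell
#!/bin/sh
# Added example: report whether the agent's cached certificate belongs to
# its current private key, by comparing the two public keys.

# Public key (PEM) embedded in a certificate / derived from a private key.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_agent_ssl SSLDIR CERTNAME
# Prints one of: match | mismatch | no-cached-cert | no-key | unreadable
# certs/CERTNAME.pem is the path named in the thread; private_keys/CERTNAME.pem
# is an assumption (the usual agent layout).
check_agent_ssl() {
    cert="$1/certs/$2.pem"
    key="$1/private_keys/$2.pem"
    [ -f "$cert" ] || { echo no-cached-cert; return 0; }
    [ -f "$key" ]  || { echo no-key; return 0; }
    c=$(cert_pubkey "$cert") || c=""
    k=$(key_pubkey "$key") || k=""
    if [ -z "$c" ] || [ -z "$k" ]; then
        echo unreadable
    elif [ "$c" = "$k" ]; then
        echo match
    else
        echo mismatch   # stale cached cert: only this one file needs removing
    fi
}

# Constructed sample: an ssldir whose cached cert was issued for an OLD key,
# as after a rebuild where the server still handed out the previous cert.
# Prints the path of the temporary directory it created.
make_stale_ssldir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certs" "$d/private_keys" || return 1
    openssl genrsa -out "$d/old.key" 2048 2>/dev/null
    openssl genrsa -out "$d/private_keys/$1.pem" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/old.key" -subj "/CN=$1" -days 1 \
        -out "$d/certs/$1.pem" 2>/dev/null
    echo "$d"
}
```

On an agent, `check_agent_ssl /etc/puppet/ssl <certname>` printing `mismatch` is the state that produces the "Retrieved certificate does not match private key" error above.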