Sylvain
2011-Apr-18 21:28 UTC
[Puppet Users] Certificate request does not match existing certificate
Hello there, I have a problem while I''m trying to puppetize a client, I get this error: err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run ''puppetca --clean puppetclienttest.sl.ss''. I checked -Shutdown puppet on client/server side, delete ssl/ dir to regenerate certificate. -Be sure that the time is the same on both host. Now I don''t know what I can do else. Client version: 0.24.8 Server version: 2.6.6 -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Sylvain
2011-Apr-18 21:44 UTC
[Puppet Users] Certificate request does not match existing certificate
Hello there, I have a problem while I''m trying to puppetize a client, I get this error: err: Could not request certificate: Certificate retrieval failed: Certificate request does not match existing certificate; run ''puppetca --clean puppetclienttest''. Here is how I proceed: -Ask for a certificate /usr/sbin/puppetd --server puppetserver -- verbose --waitforcert 60 --test -Check that I received the certificate request /usr/sbin/puppetca -- list -Generate the certificate /usr/sbin/puppetca --generate puppetclienttest -Try to pull /usr/sbin/puppetd --server cron01 --test I read what I found about this and here is what I checked: -Run a puppetca --clean puppetclienttest -Shutdown puppet on client/server side, delete ssl/ dir to regenerate certificate. -Be sure that the time is the same on both host. Any help appreciate. Client version: 0.24.8 Server version: 2.6.6 Thanks -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Felix Frank
2011-Apr-19 07:22 UTC
Re: [Puppet Users] Certificate request does not match existing certificate
On 04/18/2011 11:44 PM, Sylvain wrote:> Hello there, > > I have a problem while I''m trying to puppetize a client, I get this > error: > err: Could not request certificate: Certificate retrieval failed: > Certificate request does not match existing certificate; run > ''puppetca > --clean puppetclienttest''. > > Here is how I proceed: > -Ask for a certificate /usr/sbin/puppetd --server puppetserver -- > verbose --waitforcert 60 --test > -Check that I received the certificate request /usr/sbin/puppetca -- > list > -Generate the certificate /usr/sbin/puppetca --generate > puppetclienttestHi, you''re no supposed to do this. After puppetd --waitforcert, you should see the CSR on the master using puppetca -l. Then sign it using puppetca -s <client>. HTH, Felix -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Thomas Mueller
2011-Apr-19 11:57 UTC
Re: [Puppet Users] Certificate request does not match existing certificate
Am Mon, 18 Apr 2011 14:28:57 -0700 schrieb Sylvain:> Hello there, > > I have a problem while I''m trying to puppetize a client, I get this > error: > err: Could not request certificate: Certificate retrieval failed: > Certificate request does not match existing certificate; run ''puppetca > --clean puppetclienttest.sl.ss''. > > I checked > -Shutdown puppet on client/server side, delete ssl/ dir to regenerate > certificate. > -Be sure that the time is the same on both host. > > Now I don''t know what I can do else. > > Client version: 0.24.8 > Server version: 2.6.6IMHO client 0.24.x is too old and does not work with puppetmaster 2.6.x? - Thomas -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jeff McCune
2011-Apr-21 22:33 UTC
Re: [Puppet Users] Certificate request does not match existing certificate
On Tue, Apr 19, 2011 at 4:57 AM, Thomas Mueller <thomas@chaschperli.ch> wrote:>> >> Client version: 0.24.8 >> Server version: 2.6.6 > > IMHO client 0.24.x is too old and does not work with puppetmaster 2.6.x?Puppet 0.24.8 works just fine with Puppet Master 2.6.x. To resolve this issue, have you tried cleaning out the certificate on the master as the error message mentioned, then running through the request process again on the Puppet Agent? -- Jeff McCune Professional Services, Puppet Labs @0xEFF -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Apparently Analagous Threads
- Could not request certificate: Certificate does not match private key
- err: Could not retrieve catalog from remote server: certificate verify failed
- failed to retrieve certificate on Amazon EC2
- Puppetmasterd not receiving certificate request
- certificate not trusted