krishna bhaskara rao
2012-Nov-28 13:53 UTC
[Puppet Users] Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Hi, I have installed puppet master and puppet agent in two redhat linux machines. After that, I have updated server details in agent machine /etc/hosts file. While executing the ping servername in agent machine, I am getting below response. ========[root@ip-10-244-162-253 files]# ping puppet PING server.puppet.com (10.203.34.103) 56(84) bytes of data. 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61 time=0.723 ms 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61 time=0.570 ms 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61 time=0.617 ms =========Then While executing one of the below commands "puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose --test" I am getting an error message like below *err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key* I tried after cleaning certificates in both the machines by using "puppetca --clean --all" also, same error I am getting. Can any one provide a way to come out of this issue. With Regards, Krishna Bhaskara Rao. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/m5485BQZLKsJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jakov Sosic
2012-Dec-19 21:44 UTC
Re: [Puppet Users] Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
On 11/28/2012 02:53 PM, krishna bhaskara rao wrote:> I tried after cleaning certificates in both the machines by using > "puppetca --clean --all" also, same error I am getting. > > Can any one provide a way to come out of this issue.Try to sync time on your machines (ntpdate <some_ntp_server>) . Maybe that''s your issue. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Mehmet Tecer
2012-Dec-20 15:34 UTC
[Puppet Users] Re: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Krishna, Here is how I quickly resolve this issue. 1- Stop puppet on client. 2- Delete the cert on the server 3- Delete /var/lib/puppet directory on client. 4- Start puppet on client. This should take care of your cert issue. --Mehmet On Wednesday, November 28, 2012 8:53:02 AM UTC-5, krishna bhaskara rao wrote:> > Hi, > > I have installed puppet master and puppet agent in two redhat linux > machines. > After that, I have updated server details in agent machine /etc/hosts file. > While executing the ping servername in agent machine, I am getting below > response. > ========> [root@ip-10-244-162-253 files]# ping puppet > PING server.puppet.com (10.203.34.103) 56(84) bytes of data. > 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61 > time=0.723 ms > 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61 > time=0.570 ms > 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61 > time=0.617 ms > =========> Then While executing one of the below commands > "puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose > --test" > I am getting an error message like below > > *err: Could not request certificate: Retrieved certificate does not match > private key; please remove certificate from server and regenerate it with > the current key* > > I tried after cleaning certificates in both the machines by using > "puppetca --clean --all" also, same error I am getting. > > Can any one provide a way to come out of this issue. > > With Regards, > Krishna Bhaskara Rao. >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/918XOlLVMLMJ. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Jeff Silverman
2013-May-29 17:10 UTC
[Puppet Users] Re: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
How do you delete the cert on the server? I''ve tried several approaches, and none of them seem to work. rm /var/lib/puppet/ssl/ca/signed/centos-6-4.commercialventvac.com.pem failed. puppetca –clean centos-6-4.commercialventvac.com.pem Required that I install puppet-common which I did and that still failed. Thank you Jeff On Thursday, December 20, 2012 7:34:23 AM UTC-8, Mehmet Tecer wrote:> > Krishna, > > Here is how I quickly resolve this issue. > > 1- Stop puppet on client. > > 2- Delete the cert on the server > > 3- Delete /var/lib/puppet directory on client. > > 4- Start puppet on client. > > This should take care of your cert issue. > --Mehmet > > On Wednesday, November 28, 2012 8:53:02 AM UTC-5, krishna bhaskara rao > wrote: >> >> Hi, >> >> I have installed puppet master and puppet agent in two redhat linux >> machines. >> After that, I have updated server details in agent machine /etc/hosts >> file. >> While executing the ping servername in agent machine, I am getting below >> response. >> ========>> [root@ip-10-244-162-253 files]# ping puppet >> PING server.puppet.com (10.203.34.103) 56(84) bytes of data. >> 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=1 ttl=61 >> time=0.723 ms >> 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=2 ttl=61 >> time=0.570 ms >> 64 bytes from server.puppet.com (10.203.34.103): icmp_seq=3 ttl=61 >> time=0.617 ms >> =========>> Then While executing one of the below commands >> "puppetd --test" or "puppetd --server puppet --waitforcert 60 --verbose >> --test" >> I am getting an error message like below >> >> *err: Could not request certificate: Retrieved certificate does not >> match private key; please remove certificate from server and regenerate it >> with the current key* >> >> I tried after cleaning certificates in both the machines by using >> "puppetca --clean --all" also, same error I am getting. >> >> Can any one provide a way to come out of this issue. >> >> With Regards, >> Krishna Bhaskara Rao. >> >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
Jeff Silverman
2013-May-29 19:51 UTC
[Puppet Users] Re: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
I see my mistake. On the client, I should have deleted /var/lib/puppet/ instead of /var/lib/puppet/ssl. Deleting /var/lib/puppet/ cleared the issue. Also, the command puppetca --clean cert CLIENT is outdated. The new command is puppet cert clean CLIENT_FQDN where CLIENT_FQDN is the client''s fully qualified domain name, e.g. centos-6-4.commercialventvac.com -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
thinkwell
2013-Sep-21 00:53 UTC
[Puppet Users] Re: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Sorry to resurrect an old thread, but this one did it for me. I always cleaned the master and deleted the /var/lib/puppet/ssl directory on the client when I had cert errors but that was not doing the trick. Came across this thread and blew away the /var/lib/puppet/ directory instead and VOILA! On Wednesday, May 29, 2013 3:51:29 PM UTC-4, Jeff Silverman wrote:> > I see my mistake. On the client, I should have deleted /var/lib/puppet/ > instead of /var/lib/puppet/ssl. Deleting /var/lib/puppet/ cleared the > issue. > > > > > > >-- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com. To post to this group, send email to puppet-users@googlegroups.com. Visit this group at http://groups.google.com/group/puppet-users. For more options, visit https://groups.google.com/groups/opt_out.