Hi,
from afar, it's hard to tell what your specific problem is.
Has your puppetmaster generated a new CSR for the machine? Maybe you
have to sign the new certificate; the master still stores a valid,
signed certificate for the machine, but the client has no use for it.
You need to convince your master to sign a new certificate (for which
the client actually has the private key).
From the helptext:
clean: Remove all files related to a host from puppet cert's
storage. This is useful when rebuilding hosts, since new
certificate signing requests will only be honored if puppet
cert does not have a copy of a signed certificate for that
host. The certificate of the host remains valid. If '--all'
is specified then all host certificates, both signed and
unsigned, will be removed.
Be mindful of the fact that the signed certificate remains valid (until
replaced?)
HTH,
Felix
On 02/14/2011 04:34 AM, Tim Dunphy wrote:
> Hello list,
>
> I am having a problem with one of my puppet clients contacting the
> puppet server. All of my puppet nodes are working with the current
> manifest (such as it is, until I get a chance to develop it a little
> more).
>
> The server I am having issues with had to be re-provisioned. Once I
> did I started getting this message:
>
> [root@LCENT01:~] #puppetd --test --waitforcert 15
> err: Could not request certificate: Retrieved certificate does not
> match private key; please remove certificate from server and
> regenerate it with the current key
>
> So I rm'd the contents of the ssl directory on this client:
>
> [root@LCENT01:~] #rm -rf /var/lib/ssl/*
>
>
> Then I went to the puppet server and issued a puppetca --clean:
>
> [root@virtcent13:~] #puppetca --clean LCENT01.summitnjhome.com
> LCENT01.summitnjhome.com
>
> The puppet server responds with the name of the host indicating that
> it has already been cleaned.
>
> The server name I used for the clean directive matches the fqdn of the
> host I am attempting to re-add to the puppet server's cert list.
>
>
> [root@LCENT01:~] #facter | grep fqdn
> fqdn => LCENT01.summitnjhome.com
>
>
> AFAIK the puppetca --clean command should have taken care of this
> error. Can someone out there recommend the next steps to resolving
> this error?
>
> Thanks!!!
>
>
>
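The condition behind the "Retrieved certificate does not match private key" error in this thread can be checked by hand with the openssl CLI. This is an added example, not part of the original messages and not Puppet's own code. The file names, the CN and the self-signed stand-in certificate are constructed; on a real agent, pass the certificate retrieved from the master and the agent's current private key.

```shell
#!/bin/sh
# Added example: does this certificate belong to this private key?
# Compares the public key embedded in each, using only the openssl CLI.

# cert_matches_key CERT KEY -> 0 match, 1 mismatch, 2 unreadable/unparsable
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# verdict CERT KEY -> prints match | mismatch | unreadable
verdict() {
    if cert_matches_key "$1" "$2"; then
        echo match
    else
        case $? in
            1) echo mismatch ;;
            *) echo unreadable ;;
        esac
    fi
}

# make_sample DIR -> constructed data imitating a re-provisioned host:
#   stored.crt  certificate issued for the host's old key
#   old.key     the key that was lost when the host was rebuilt
#   new.key     the key the rebuilt host generated
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=agent.example.test" \
        -keyout "$1/old.key" -out "$1/stored.crt" >/dev/null 2>&1 &&
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/new.key" >/dev/null 2>&1
}

tmp=$(mktemp -d) && make_sample "$tmp" && {
    echo "stored cert vs old key: $(verdict "$tmp/stored.crt" "$tmp/old.key")"
    echo "stored cert vs new key: $(verdict "$tmp/stored.crt" "$tmp/new.key")"
}
rm -rf "$tmp"
```

A "mismatch" verdict for the certificate the master hands back means the master is still serving the certificate issued for the old key.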