Is there a way to force the puppetmaster to resign certificates for
existing certificates when a new CSR for the same hostname arrives?
When we reinstall freshly formatted clients with puppet (with the
same hostname) the puppet client complains:
err: Could not request certificate: Retrieved certificate does not match
private key; please remove certificate from server and regenerate it with
the current key
As workaround we need to delete the $ssldir on the client, delete the
certificate on the server "puppetca --clean client-hostname.fqdn" and
restart puppet
Used versions:
puppetmaster 0.25.4-2~bpo50+1
puppet 2.6.2-4
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.