While configuring a new Puppet agent, it sometimes throws an error like the one below:
    [root@appvm001 puppet]# puppet agent --verbose --test
    Info: Creating a new SSL key for appvm001
    Info: Caching certificate for ca
    Info: Caching certificate for appvm001
    Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
    Certificate fingerprint: AE:D8:05:F3:B1:AC:E6:C0:03:77:61:F4:26:5B:00:3C:3A:6A:99:B9:3A:EE:E1:41:AD:42:7F:D9:84:73:2A:52
    To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
    On the master:
      puppet cert clean wycvlodta001
    On the agent:
      1a. On most platforms: find /etc/puppet/ssl -name appvm001.pem -delete
      1b. On Windows: del "/etc/puppet/ssl/appvm001.pem" /f
      2. puppet agent -t
First, try the steps that Puppet itself suggests in the output above.
If that does not work, check whether the CA certificate on the Puppet master differs from the copy of the master's certificate that the agent has cached.
On the Puppet master:
    [root@puppetmaster certs]# pwd
    /etc/puppet/ssl/certs
    [root@puppetmaster certs]# more ca.pem
On the agent, go to /etc/puppet/ssl and update ca.pem with the contents from the master, as below:
[root@appvm001 ssl]# cat > certs/ca.pem
Then check:
    [root@appvm001 ssl]# puppet agent --verbose --test
    Info: Creating a new SSL key for wycvlodta001
    Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
    Info: Creating a new SSL certificate request for wycvlodta001
    Info: Certificate Request fingerprint (SHA256): EE:B6:FF:4C:E7:8F:18:B1:25:D8:F3:F8:0E:A8:8A:4A:C9:0F:29:A2:87:9D:8F:5D:68:E0:B3:8E:49:12:3B:0A
    Exiting; no certificate found and waitforcert is disabled
If you still get the “no certificate found” error after fixing that, check the host entry in /etc/hosts and make sure it points to the correct Puppet server.
Once that is done, run the Puppet agent again; this time it will succeed.
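For the ca.pem comparison step above, the two copies can be compared by fingerprint instead of by eye before the agent's copy is overwritten. This is an added example, not part of the original post; the function names and the file names master_ca.pem and agent_ca.pem are assumptions (a copy of the master's ca.pem brought to the agent, and the agent's own certs/ca.pem).

```shell
#!/usr/bin/env bash
# Added example (not from the original post). File names are assumptions.

# Print the SHA-256 fingerprint (AA:BB:... form, as in Puppet's messages) of
# the first certificate in a PEM file. Hashing the decoded DER bytes means
# line endings or stray whitespace from a copy/paste do not change the result.
pem_fingerprint() {
    local body
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    body=$(awk '/-----BEGIN CERTIFICATE-----/ {inside = 1; next}
                /-----END CERTIFICATE-----/   {exit}
                inside' "$1" | tr -d ' \t\r\n')
    [ -n "$body" ] || { echo "no certificate block in $1" >&2; return 2; }
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "corrupt base64 in $1" >&2; return 2; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1 |
        tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Return 0 if both files hold the same certificate, 1 if they differ,
# 2 if either file cannot be parsed.
compare_ca() {
    local master agent
    master=$(pem_fingerprint "$1") || return 2
    agent=$(pem_fingerprint "$2") || return 2
    echo "master ca.pem: $master"
    echo "agent  ca.pem: $agent"
    [ "$master" = "$agent" ]
}

# Constructed sample: placeholder bytes stand in for a DER certificate; the
# "agent" copy has CRLF line endings, as a pasted file might.
demo() {
    local dir body
    dir=$(mktemp -d)
    body=$(printf 'constructed placeholder, not a real certificate' | base64)
    printf '%s\n%s\n%s\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' > "$dir/master_ca.pem"
    printf '%s\r\n%s\r\n%s\r\n' '-----BEGIN CERTIFICATE-----' "$body" \
        '-----END CERTIFICATE-----' > "$dir/agent_ca.pem"
    compare_ca "$dir/master_ca.pem" "$dir/agent_ca.pem"
}

if [ "$#" -eq 2 ]; then compare_ca "$1" "$2"; else demo; fi
```

For a real certificate, `openssl x509 -noout -fingerprint -sha256 -in ca.pem` prints the same value. An exit status of 1 means the agent is trusting a different CA than the one the master is using.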
Happy Learning …
Very useful information. Thanks for Sharing.