Puppet Error: Could not request certificate: The certificate retrieved from the master does not match the agent’s private key


While configuring a new Puppet agent, it sometimes throws an error like the one below:

[root@appvm001 puppet]# puppet agent --verbose --test
Info: Creating a new SSL key for appvm001
Info: Caching certificate for ca
Info: Caching certificate for appvm001
Error: Could not request certificate: The certificate retrieved from the master does not match the agent's private key.
Certificate fingerprint: AE:D8:05:F3:B1:AC:E6:C0:03:77:61:F4:26:5B:00:3C:3A:6A:99:B9:3A:EE:E1:41:AD:42:7F:D9:84:73:2A:52
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate.
On the master:
  puppet cert clean wycvlodta001
On the agent:
  1a. On most platforms: find /etc/puppet/ssl -name appvm001.pem -delete
  1b. On Windows: del "/etc/puppet/ssl/appvm001.pem" /f
  2. puppet agent -t

First, try the fix that Puppet suggests in the error output.

If that does not work, check whether the Puppet master's certificate (ca.pem) differs from the copy of the master's certificate provided to the agent.

On Puppet Master

[root@puppetmaster certs]# pwd
/etc/puppet/ssl/certs
[root@puppetmaster certs]# more ca.pem

On the agent, go to /etc/puppet/ssl and update ca.pem as shown below:

[root@appvm001 ssl]# cat > certs/ca.pem

Then check:

[root@appvm001 ssl]# puppet agent --verbose --test
Info: Creating a new SSL key for wycvlodta001
Info: csr_attributes file loading from /etc/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for wycvlodta001
Info: Certificate Request fingerprint (SHA256): EE:B6:FF:4C:E7:8F:18:B1:25:D8:F3:F8:0E:A8:8A:4A:C9:0F:29:A2:87:9D:8F:5D:68:E0:B3:8E:49:12:3B:0A
Exiting; no certificate found and waitforcert is disabled

If you still get the “no certificate found” error after fixing that, check the host entry in /etc/hosts and update it so that it points to the correct Puppet server.

Once done, run the Puppet agent again; this time it will succeed.
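
To compare the master's ca.pem with the agent's copy without reading the PEM text by eye, the script below prints a SHA-256 fingerprint for each file and reports whether they match. It is an added example, not part of the original post; the script name `compare_ca.sh` and the path `/tmp/master-ca.pem` are assumptions, and it relies on GNU `base64` and `sha256sum`.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): compare two copies of ca.pem
# by SHA-256 fingerprint instead of reading the PEM text by eye.
# Needs only awk, sed, base64 and sha256sum.

# Print the fingerprint of the first certificate in a PEM file as
# colon-separated uppercase hex, the form used in the agent output.
pem_fingerprint() {
    local pem="$1" body
    [ -r "$pem" ] || { echo "cannot read: $pem" >&2; return 2; }
    # Keep only the base64 body; drop spaces, tabs and CRs left by copy/paste.
    body=$(awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
                /-----END CERTIFICATE-----/   { exit }
                inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }' "$pem")
    [ -n "$body" ] || { echo "no certificate block in: $pem" >&2; return 2; }
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 \
        || { echo "invalid base64 in: $pem" >&2; return 2; }
    # The fingerprint is the SHA-256 digest of the decoded (DER) bytes.
    printf '%s' "$body" | base64 -d | sha256sum \
        | awk '{ print toupper($1) }' | sed 's/../&:/g; s/:$//'
}

# Return 0 if both files hold the same certificate, 1 if they differ,
# 2 if either file cannot be parsed.
same_ca() {
    local a b
    a=$(pem_fingerprint "$1") || return 2
    b=$(pem_fingerprint "$2") || return 2
    echo "$1  $a"
    echo "$2  $b"
    [ "$a" = "$b" ]
}

# Usage (paths are assumptions): copy the master's ca.pem to the agent as
# /tmp/master-ca.pem, then run:
#   ./compare_ca.sh /tmp/master-ca.pem /etc/puppet/ssl/certs/ca.pem
if [ "$#" -eq 2 ]; then
    same_ca "$1" "$2"
fi
```

An exit status of 1 means the agent is holding a different CA certificate than the master; a pasted copy that differs only in line endings or trailing whitespace still compares as equal.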

Happy Learning …
