Issue #14246 has been reported by Dan Bode. ---------------------------------------- Bug #14246: allow duplicate certs does not work with agent/master https://projects.puppetlabs.com/issues/14246
Author: Dan Bode Status: Unreviewed Priority: Normal Assignee: Category: Target version: Affected Puppet version: Keywords: Branch: On my master, I set: [main] allow_deplicate_certs = true on the master, I regenerate a private key, I get the failure: <pre> root@cygnet-2:~# puppet agent -t --ssldir=/tmp/ info: Creating a new SSL key for cygnet-2.cygnet.lab warning: peer certificate won't be verified in this SSL session info: Caching certificate for ca warning: peer certificate won't be verified in this SSL session info: Caching certificate for cygnet-2.cygnet.lab err: Could not request certificate: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: B5:FE:4C:B6:D8:75:2C:8D:FD:05:48:53:43:DC:B4:10 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean cygnet-2.cygnet.lab On the agent: rm -f /tmp/certs/cygnet-2.cygnet.lab.pem puppet agent -t </pre> It appears that the agent does not actually resend its cert req if one already exists, meaning that allow duplicate certs does not work with puppet agent. This issue was observed with Puppet 2.7.12, but I do not believe it is a regression. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
