Hey all, after installing the 3.0.0 version of puppet (debian package from puppetlabs), doing the initial config, doing an initial start of master to generate the certs needed and then starting apache with passenger to control puppetmaster. I can do:
puppet ca list --all and get a listing of the certs in the system (initially only the master). afterwards, on the client node, I run: puppet -t -d --waitforcert 60 --server netadmin.domain.tld The client node generates its cert and pushes to master. on master I can see the request with: puppet ca list sign the request: puppet ca sign ns3.domain.tld and afterwards if I do: puppet ca list --all I get the following: Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: 8F:24:92:B9:89:0C:E7:04:C5:3F:B6:11:F8:13:4B:6A:9E:F4:EA:08:E7:4E:75:1B:DA:1C:A6:47:04:DB:55:81 To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean netadmin.domain.tld On the agent: rm -f /var/lib/puppet/ssl/certs/netadmin.domain.tld.pem puppet agent -t Error: Try 'puppet help ca list' for usage Does anyone have an idea what is going on here? if not I will open a ticket. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/Gu9MWOsConUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
