I have just started installing Puppet 3 to a test environment and had the same thing happen to me. Following the instructions listed in the error didn't solve the problem either. It wasn't until I revoked the certificate and generated a new one did it start working. I believe this occurred when I accidentally ran puppet agent -t as a regular user instead of root. I copied the commands below that fixed this error for me:
[SERVER] # puppet cert --revoke node.test.edu # puppet cert --clean node.test.edu [CLIENT] # service puppet stop # rm -rf /var/lib/puppet/ssl # service puppet start # puppet agent --test [SERVER] # puppet cert --sign node.test.edu [CLIENT] # puppet agent --test On Monday, October 15, 2012 6:20:40 AM UTC-5, t00_m4d_f00 wrote: > > > > On 15 Okt., 13:16, t00_m4d_f00 <[email protected]> wrote: > > root@netadmin:/var/lib/puppet/ssl/ca# puppet ca list --all > > Error: The certificate retrieved from the master does not match the > > agent's private key. > > Certificate fingerprint: 57:9D: > > 95:66:0C:B3:37:7C:F1:7D:B2:41:35:47:08:9F:D9:1B:9F:2C:57:F9:D1:20:3B: > > 1B:FE:27:37:16:87:ED > > To fix this, remove the certificate from both the master and the agent > > and then start a puppet run, which will automatically regenerate a > > certficate. > > On the master: > > puppet cert clean netadmin.domain.tld > > On the agent: > > rm -f /var/lib/puppet/ssl/certs/netadmin.domain.tld.pem > > puppet agent -t > > > > Error: Try 'puppet help ca list' for usage > > sorry, the error should be: > > Error: The certificate retrieved from the master does not match the > agent's private key. > Certificate fingerprint: DF:D4:9A:FE:A8:B2:50:74:E3:47:15:FA:7A:D1:9E: > 57:06:D5:3D:9B:A5:6D:A4:82:DF:EB:E0:4E:89:FC:97:01 > To fix this, remove the certificate from both the master and the agent > and then start a puppet run, which will automatically regenerate a > certficate. > On the master: > puppet cert clean netadmin.mol-servers.de > On the agent: > rm -f /var/lib/puppet/ssl/certs/netadmin.mol-servers.de.pem > puppet agent -t > > Error: Try 'puppet help ca list' for usage > > > The cert fingerprint that is shown is different than the prints shown > prior to signing the node cert. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/7Ur8ogQ_lPAJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
