Hello everyone, Just getting my first puppet master set up and I am having a problem that I just do not know how to get past. For some reason, my certificate store keeps getting corrupted. Basically what happens is that the server will issue itself a valid certificate (after removing the 'bad' cert) and will run just fine. When I start puppetDB (I am pretty sure it happens around here) on the system though, running the command 'puppet ca list --all' on the PuppetMaster, I get the following:
Error: The certificate retrieved from the master does not match the agent's private key. Certificate fingerprint: *<fingerprint removed>* To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certficate. On the master: puppet cert clean puppetmaster.site On the agent: rm -f /var/lib/puppet/ssl/certs/puppetmaster.site.pem puppet agent -t Error: Try 'puppet help ca list' for usage I have tried following said instructions which did not work at all. Eventually I was able to build it down to the following steps to regenerate the certificate store: # service puppetmaster stop # service puppetdb stop # service puppet stop # find $(puppet master --configprint ssldir) -name "$(puppet master --configprint certname).pem" -delete # rm -rf /var/lib/puppet/ssl # puppet master --no-daemonize --debug --verbose --trace (kill it when it says "starting puppet") # /usr/sbin/puppetdb-ssl-setup # service puppetmaster start # puppet ca list --all (lists the certs installed) # service puppetdb start # puppet ca list --all (prints error message above with new fingerprint) The master is running Fedora 16 with Puppet 3.0.1 (along with PuppetDB 1.0.2 and Puppet Dashboard). I realize that the solution is only made more difficult by the inclusion of db and dashboard, but the project scope grew too quickly and resulted in attempts to combine services. I am out of ideas save for re-installing the service; after messing with this install for so long, I doubt many people here will want to support this decision. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/wE0GAv51uooJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
