You get a certificate-related error message when reinstalling Puppet on an agent node in Puppet Enterprise.
Error messages
Error: The certificate for 'CN=[SERVER NAME].[URL].com' does not match its private key
Error: Could not run: The certificate for 'CN=[SERVER NAME].[URL].com' does not match its private key
You get these error messages on an agent node in PE after running: puppet agent -t
Version and installation information
PE version: All supported
Solution
Regenerate the certificate on the agent node and sign it on the primary server in PE by following these steps:
- Back up the previous SSL folder containing the certificates and keys and remove them. For example:
  - On Linux nodes:
    mv /etc/puppetlabs/puppet/ssl /etc/puppetlabs/puppet/ssl_bak
  - On Windows, by default, this folder is located at
    C:/ProgramData/PuppetLabs/puppet/etc/ssl
- Clean the previous certificate on the primary server:
  puppetserver ca clean --certname <AGENT_CERT_NAME>
- Generate a new certificate by running:
  puppet agent -t
- Sign the new certificate on the primary server.
To manage certificate signing requests in PE, read our documentation.
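Before moving the SSL folder aside, you can confirm the mismatch that the error reports. The script below is an added example, not part of the original article or of Puppet's tooling; it assumes openssl is installed and that the agent's certificate and key sit at certs/<certname>.pem and private_keys/<certname>.pem under the SSL folder, and the certname in the usage comment is a constructed placeholder.

```shell
#!/bin/sh
# Added example (not Puppet tooling): confirm whether an agent's certificate
# and private key belong together before moving the ssl directory aside.

# cert_matches_key CERT_PEM KEY_PEM
# Returns 0 if the public key in the certificate equals the public key derived
# from the private key, 1 if they differ, 2 if either file cannot be parsed.
cert_matches_key() {
    cert=$1
    key=$2
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    # Both commands emit the SubjectPublicKeyInfo as PEM, so the text compares directly.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # -passin pass: stops openssl from prompting if the key is unexpectedly encrypted.
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null) || return 2
    [ -n "$cert_pub" ] || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# check_agent_ssl SSLDIR CERTNAME
# Assumed layout: SSLDIR/certs/CERTNAME.pem and SSLDIR/private_keys/CERTNAME.pem.
check_agent_ssl() {
    ssldir=$1
    certname=$2
    rc=0
    cert_matches_key "$ssldir/certs/$certname.pem" \
                     "$ssldir/private_keys/$certname.pem" || rc=$?
    case $rc in
        0) echo "OK: certificate and private key match for $certname" ;;
        1) echo "MISMATCH: certificate does not match private key for $certname" ;;
        *) echo "UNKNOWN: certificate or key missing or unreadable for $certname" ;;
    esac
    return "$rc"
}

# Example: sh check_ssl.sh /etc/puppetlabs/puppet/ssl agent01.example.test
if [ "$#" -eq 2 ]; then
    check_agent_ssl "$1" "$2"
fi
```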