When you install Puppet agent on a node where it was previously installed, you might get a "does not match its private key" error.
Error messages
Error: The certificate for 'CN=puppet-agent.example.com' does not match its private key
Error: Could not run: The certificate for 'CN=puppet-agent.example.com' does not match its private key
If Puppet agent was previously installed on the node, the node might be using an old certificate to communicate with the primary server. If that certificate contains incorrect information about the primary server, it causes an error.
Version and installation information
PE version: All supported
Solution
To fix the problem, complete the following steps to purge and remove the old certificate and generate a new, valid one.
- On the primary server, run
  puppet node purge <AGENT NODE CERTNAME>
  to purge the node's information, including certificates, from the primary server. This also updates the certificate revocation list (CRL).
- On the agent node, remove old certificates in the ssldir.
- On the agent node, generate a new certificate request by running Puppet:
  puppet agent -t
- On the primary server, sign the certificate request.
- On the agent node, make the node available in the console by running Puppet:
  puppet agent -t
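A check to run on the agent node before and after the steps above, as an added example that is not part of the original article: it compares the public key inside the agent's certificate with the one derived from its private key, which is the condition the error reports. The function names and the ssldir layout (certs/<certname>.pem and private_keys/<certname>.pem) are assumptions; `puppet config print ssldir` shows the directory on a given node.

```shell
#!/bin/sh
# Added example: check whether an agent certificate and private key belong
# together, the condition behind "does not match its private key".

# cert_matches_key CERT KEY
# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    # Public key embedded in the certificate (PEM SubjectPublicKeyInfo).
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same encoding.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# check_agent_ssldir SSLDIR CERTNAME
# Assumed layout: SSLDIR/certs/CERTNAME.pem and SSLDIR/private_keys/CERTNAME.pem.
check_agent_ssldir() {
    cert="$1/certs/$2.pem"
    key="$1/private_keys/$2.pem"
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
        echo "missing: no certificate or private key for $2 under $1"
        return 2
    fi
    rc=0
    cert_matches_key "$cert" "$key" || rc=$?
    case "$rc" in
        0) echo "match: certificate and private key for $2 belong together" ;;
        1) echo "mismatch: stale certificate or key for $2" ;;
        *) echo "unreadable: could not parse $cert or $key"; rc=2 ;;
    esac
    return "$rc"
}

# Usage: sh check.sh SSLDIR CERTNAME
if [ "$#" -eq 2 ]; then
    check_agent_ssldir "$1" "$2"
fi
```

A "mismatch" result confirms that leftover files in the ssldir are the cause; after the new certificate is signed, the same check should report "match".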