I manage a few locations, each with a puppet master and several clients. I am having trouble keeping the certs clean. Yesterday I had a working environment, but today after the clients' daily reboot, the SSL certs had to be cleaned.
pclient:~ # puppet agent --test
warning: iconv doesnt seem to support UTF-8/UTF-16 conversions
err: Could not request certificate: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Exiting; failed to retrieve certificate and waitforcert is disabled
The puppet log also shows the error:
Tue Mar 03 13:24:43 -0500 2015 Puppet (err): Could not retrieve catalog from remote server: Retrieved certificate does not match private key; please remove certificate from server and regenerate it with the current key
Tue Mar 03 13:24:43 -0500 2015 Puppet (notice): Using cached catalog
Tue Mar 03 13:24:43 -0500 2015 Puppet (err): Could not retrieve catalog; skipping run
What confuses me is that md5sums for the certs match on the master and client:
162270fc3e742a91777b8272824e2da4 pmaster:/var/lib/puppet/ssl_master/ca/signed/pclient.mydomain.net.pem
162270fc3e742a91777b8272824e2da4 pclient:/var/lib/puppet/ssl/certs/pclient.mydomain.net.pem
Why do I have to clean the certs every day?
Is it the daily reboot on the client that makes it fail?
Is there a way I can configure the master or the client to use the certs that it has?
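The error message concerns the pairing of the client's certificate with the client's private key, which a checksum of the certificate file on both hosts does not compare. The following added example (not part of the original post) checks that pairing with Ruby's OpenSSL bindings; the key pairs and certificate are constructed in the script, and the private key path in the comment assumes the default `private_keys` directory under the ssl directory shown above.

```ruby
require 'openssl'
require 'digest'

# True when the certificate's public key pairs with the given private key.
def cert_matches_key?(cert_pem, key_pem)
  cert = OpenSSL::X509::Certificate.new(cert_pem)
  cert.check_private_key(OpenSSL::PKey.read(key_pem))
end

# SHA-256 over the DER-encoded public key (RSA keys, as in this example).
def cert_pubkey_fingerprint(cert_pem)
  Digest::SHA256.hexdigest(OpenSSL::X509::Certificate.new(cert_pem).public_key.to_der)
end

def key_pubkey_fingerprint(key_pem)
  Digest::SHA256.hexdigest(OpenSSL::PKey.read(key_pem).public_key.to_der)
end

# Constructed sample: a certificate issued for one key, plus an unrelated key.
def constructed_sample(cn = 'pclient.mydomain.net')
  key   = OpenSSL::PKey::RSA.new(2048)
  other = OpenSSL::PKey::RSA.new(2048)
  cert  = OpenSSL::X509::Certificate.new
  cert.version    = 2
  cert.serial     = 1
  cert.subject    = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before = Time.now
  cert.not_after  = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem, other.to_pem]
end

if __FILE__ == $0
  if ARGV.length == 2
    # Usage on a client, as root (private key path is an assumed default):
    #   ruby check.rb /var/lib/puppet/ssl/certs/pclient.mydomain.net.pem \
    #                 /var/lib/puppet/ssl/private_keys/pclient.mydomain.net.pem
    cert_pem, key_pem = ARGV.map { |path| File.read(path) }
    puts cert_matches_key?(cert_pem, key_pem) ? 'certificate matches key' : 'MISMATCH'
  else
    cert_pem, key_pem, other_pem = constructed_sample
    # The certificate file's checksum is the same whichever key is tested.
    puts "cert file md5:   #{Digest::MD5.hexdigest(cert_pem)}"
    puts "issued-for key:  #{cert_matches_key?(cert_pem, key_pem)}"
    puts "unrelated key:   #{cert_matches_key?(cert_pem, other_pem)}"
  end
end
```

The public key fingerprints can be compared between hosts without copying the private key anywhere.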