Invalid puppet certificate after provisioning : The certificate for 'CN=...' does not match its private key

Problem:
I provisined host and found it is not in sync. puppet agent -t gives me this

[root@mamie-regner ~]# puppet agent -t
Info: csr_attributes file loading from /etc/puppetlabs/puppet/csr_attributes.yaml
Info: Creating a new SSL certificate request for mamie-regner.domain.local
Info: Certificate Request fingerprint (SHA256): 90:DF:4D:9C:38:B7:89:A8:E4:BD:D8:9F:11:14:9C:2C:AC:80:C7:E4:AD:34:6D:E0:0C:86:20:5B:20:80:6C:68
Info: Downloaded certificate for mamie-regner.domain.local from https://foreman.domain.local:8140/puppet-ca/v1
Error: The certificate for ‘CN=mamie-regner.domain.local’ does not match its private key
Error: Could not run: The certificate for ‘CN=mamie-regner.domain.local’ does not match its private key

Expected outcome:
puppet agent sync with puppetserver and sync state

Foreman and Proxy versions:
3.0.1
Foreman and Proxy plugin versions:
Centos 7.9

I am new to puppet and foreman. I guess I missed something in my configuration but can not find where.

Have you had any luck with resolving this @adk ? I’m running into the same issue…

I followed this article to clear error puppet agent -t Error: The certificate retrieved from the master does not match the agent's private key - Red Hat Customer Portal

for new hosts: after puppet-agent instalation, I make changes in puppet config file and then enable puppet service. My error was starting puppet-agent without proper configuration

1 Like