Possible Solution 1:
Using the puppet cert clean
on the puppet master is the proper way. However since you're getting errors you may have a bad inventory of certificates.
Try doing a re-inventory then a clean:
$ puppet cert reinventory
$ puppet cert clean --all
Note: my example uses the --all
flag, this will clear out all certificates, signed and unsigned. Also, be aware that the Puppet master should be stopped before running a reinventory
.
Source: http://docs.puppetlabs.com/references/3.6.2/man/cert.html
Possible Solution 2:
$ puppet cert sign wrong.host.name
Notice: Signed certificate request for wrong.host.name
Notice: Removing file Puppet::SSL::CertificateRequest wrong.host.name at '/var/lib/puppet/ssl/ca/requests/wrong.host.name.pem'
$ puppet cert clean wrong.host.name
Notice: Revoked certificate with serial 87
Notice: Removing file Puppet::SSL::Certificate wrong.host.name at '/var/lib/puppet/ssl/ca/signed/wrong.host.name.pem'
Notice: Removing file Puppet::SSL::Certificate wrong.host.name at '/var/lib/puppet/ssl/certs/wrong.host.name.pem'
Possible Solution 3:
First: On Server
$ puppet cert --revoke wrong.host.name
$ puppet cert --clean wrong.host.name
Second: On Client
$ rm -rf /usr/lib/puppet/ssl
$ puppet agent --server [puppetmaster domain name] --waitforcert 60
Third: On Server (adjust as necessary)
$ puppet cert --list (you should see your host)
$ puppet cert --sign wrong.host.name
Also, double check that your client can reach your [puppetmaster domain name].
Source: https://serverfault.com/questions/574976/puppet-trying-to-configure-puppet-client-for-first-use-but-got-some-problems-wi
This is the right answer. All of the instructions given by the accepted answer either do not work or require you to sign certificates you know to be bad. – tedivm – 2015-04-08T21:01:50.257
What @tedivm said. Therefore: +1. – gf_ – 2016-07-19T09:51:11.630
This works, but it got marked as deprecated. Anyone know what the new method is? – Swiss – 2017-04-11T22:41:45.827
@Swiss do you have a link to some docs showing it's deprecated? – Nick – 2017-04-16T16:23:18.730
@Nick When running it:
@Swiss Ah yes - can see they did this code change in January - https://github.com/puppetlabs/puppet/commit/3692abf65707b8b305f2817527511b9521313fdc - Not clear what replaces
– Nick – 2017-04-18T13:36:01.197ca destroy
though!1
puppet cert clean
now works to remove requests. See the linked bug report. – 7yl4r – 2018-09-11T17:09:39.433