{{tag>puppet troubleshooting}}

====== Puppet troubleshooting ======
===== Error: The certificate for 'CN=server-hostname.com' does not match its private key =====
Error happens when running

  puppetclient ~# puppet agent -t

Happens on new server or reinstalled server with puppet when private key changes.

Go to the puppetserver instance/server and clean the old cert

  puppetserver ~# puppetserver ca clean --certname server-hostname.com

Rerun the ''puppet agent -t command'' again on client then on server you should see a requested certificate which you need to sign:

  puppetserver ~# puppetserver ca list 
  Requested Certificates:
    server-hostname.com       (SHA256)    A1:F1:71:29:CD:A7:AC:6C:25:6B:CB:64:95:57:9B:20:1E:E4:11:84:92:C6:7C:4C:7C:57:0C:7E:A4:0E:76:AF

  puppetserver ~# puppetserver ca sign --certname server-hostname.com

Now you can run puppet agent on client again.

====== Tested on ======
  * puppetserver version: 7.9.1

====== See also ======

====== References ======