Error happens when running

puppetclient ~# puppet agent -t

Happens on new server or reinstalled server with puppet when private key changes.

Go to the puppetserver instance/server and clean the old cert

puppetserver ~# puppetserver ca clean --certname server-hostname.com

Rerun the puppet agent -t command again on client then on server you should see a requested certificate which you need to sign:

puppetserver ~# puppetserver ca list 
Requested Certificates:
  server-hostname.com       (SHA256)    A1:F1:71:29:CD:A7:AC:6C:25:6B:CB:64:95:57:9B:20:1E:E4:11:84:92:C6:7C:4C:7C:57:0C:7E:A4:0E:76:AF

puppetserver ~# puppetserver ca sign --certname server-hostname.com

Now you can run puppet agent on client again.

• puppetserver version: 7.9.1