Puppet err: Could not retrieve catalog from remote server: hostname was not match with the server certificate

This article explains the error “err: Could not retrieve catalog from remote server: hostname was not match with the server certificate”.

This error suggests that the name in the Puppet server's SSL certificate is not what the Puppet client expects. On the Puppet server, issue the command:

puppet cert print $(puppet master --configprint certname)

The above command prints several lines of output. Pay attention to the line that looks like this:

Subject: CN=server.example.com

The server name in the above example is “server.example.com” but would be different in your situation. The problem is that the server name in the certificate is not what the Puppet client expects. By default, the Puppet client expects the server name to be “puppet”, as in the following example:

Subject: CN=puppet

So the solution is to:

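1. Remove the certificate on the Puppet server. You can remove all of them or just the one you want. The following command removes all SSL certificates used by the Puppet server. On a server that also acts as the certificate authority (the default), this directory includes the CA itself, so certificates it previously signed for clients will no longer be trusted, which is why the client certificate is removed in the next step: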

rm -rf /var/lib/puppet/ssl

2. Remove the certificate on the Puppet client with the same command:

rm -rf /var/lib/puppet/ssl

3. Temporarily set the Puppet server's host name:

hostname puppet

4. Restart the Puppet server:

service puppetmaster restart

5. Re-run the SSL certificate verification command to check the host name in the certificate. The Subject line should now show the name the client expects (CN=puppet in the default case):

puppet cert print $(puppet master --configprint certname)

6. Restart the Puppet client:

service puppet restart
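
The certificate check from the steps above can be scripted. The following is an added example, not part of the original article: it reads the text printed by "puppet cert print" and reports whether a given server name is covered by the Subject CN or, going slightly beyond the article, by a DNS subject alternative name. The function names and the sample certificate text are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the certificate text printed by "puppet cert print"
# cover the server name the agent connects to? Names here are hypothetical.

# cert_names: read certificate text on stdin; print the Subject CN and any
# DNS subject alternative names, one per line.
cert_names() {
    awk '
        /^[ \t]*Subject:/ && match($0, /CN=[^, ]+/) {
            print substr($0, RSTART + 3, RLENGTH - 3)
        }
        san {                       # the line after the SAN header
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)
            }
            san = 0
        }
        /X509v3 Subject Alternative Name:/ { san = 1 }
    '
}

# cert_covers NAME: succeed if NAME equals the CN or a DNS alt name.
# Case-insensitive exact match only; wildcard names are not handled.
cert_covers() {
    want=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    cert_names | tr 'A-Z' 'a-z' | grep -Fxq -- "$want"
}

# Constructed sample of the relevant lines of "puppet cert print" output.
SAMPLE_CERT='        Issuer: CN=Puppet CA: server.example.com
        Subject: CN=server.example.com
            X509v3 Subject Alternative Name:
                DNS:server.example.com, DNS:puppet.example.com'

# Real use: on the client, "puppet agent --configprint server" shows the name
# it will connect to; on the server, pipe the article's command into the check:
#   puppet cert print "$(puppet master --configprint certname)" | cert_covers NAME
for name in puppet server.example.com Puppet.Example.Com; do
    if printf '%s\n' "$SAMPLE_CERT" | cert_covers "$name"; then
        echo "$name: covered by certificate"
    else
        echo "$name: NOT covered, the client would report a hostname mismatch"
    fi
done
```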