Recém-instalado Puppet Environment não funciona, CSR não corresponde à chave pública

Eu quero brincar com o fantoche, então eu configurei um pequeno ambiente de teste, consistindo de 4 VMs

• pfSense: roteador
• Windows Server 2012 R2: DNS, DHCP
• Ubuntu Server 16.04: Puppetmaster
• Ubuntu Server 16.04: Agente de marionetes

O DNS está configurado corretamente, ele responde a todas as pesquisas direta e inversa corretamente.

Aqui está o conjunto de comandos que eu executei em ambos os ubuntu vms (configuração básica)

sudo dpkg-reconfigure keyboard-configuration
sudo apt-get install -y vim openssh-server ntp
sudo dpkg-reconfigure tzdata

vi /etc/hostname (set to puppet / puppetclient)
sudo reboot now

wget https://apt.puppetlabs.com/puppetlabs-release-pc1-xenial.deb
sudo dpkg -i puppetlabs-release-pc1-xenial.deb
sudo apt-get update

E depois no mestre:

sudo apt-get -y install puppetserver
sudo /opt/puppetlabs/bin/puppet resource service puppetserver ensure=running enable=true
sudo service puppetserver restart

O serviço-servidor puppets está funcionando bem (após atribuir 6GB de RAM à VM;))

No cliente:

sudo apt-get install puppet-agent
sudo /opt/puppetlabs/bin/puppet resource service puppet ensure=running enable=true

No cliente, eu faço um:

puppet agent --server puppet.puppet.intra --waitforcert 60 --test

Isso é respondido por

Error: Could not request certificate: The CSR retrieved from the master does not match the agent's public key.
CSR fingerprint: 82:F5:08:CC:98:8A:D1:8F:EC:3D:B0:F7:5B:EB:43:FC:FC:0D:95:30:E8:6F:7F:81:9E:1B:02:CB:A4:01:0E:50
CSR public key: Public-Key: (4096 bit)
Modulus:
    ...
Exponent: 65537 (0x10001)

Agent public key: Public-Key: (4096 bit)
Modulus:
    ...
Exponent: 65537 (0x10001)

To fix this, remove the CSR from both the master and the agent and then start a puppet run, which will automatically regenerate a CSR.
On the master:
  puppet cert clean puppetclient.puppet.intra
On the agent:
  1a. On most platforms: find /home/administrator/.puppetlabs/etc/puppet/ssl -name puppetclient.puppet.intra.pem -delete
  1b. On Windows: del "\home\administrator\.puppetlabs\etc\puppet\ssl\certs\puppetclient.puppet.intra.pem" /f
  2. puppet agent -t

Claro, executei as etapas de solução de problemas propostas, sem resultado. Eu verifiquei ainda mais:

• posso abrir a porta 8140 no servidor
• as configurações de horário para correspondência
• ambas as máquinas têm o nome de host correto definido e são resolvidas pelo DNS corretamente

O que estou fazendo de errado?

Atenciosamente, Christian

Edit

I just realized something: It seems like the problem only occurs when I try to run puppet as a different user than I installed it with.
I wanted to run puppet agent -t as root with sudo on an OS X client and got the error message described earlier. When I run puppet as the user I installed it with, the error doesn't occur.

How can I fix this?