Certificate validation failed: code 7: certificate signature failure

I set up a clustered setup and found out that I had misnamed my master server endpoint in the director endpoint configuration. No problem, i changed the name, but I got these errors in the log:
[2021-03-11 14:30:22 -0500] information/ApiListener: Finished reconnecting to endpoint masterl’ via host ‘master’ and port ‘5665’
[2021-03-11 14:30:32 -0500] information/ApiListener: Reconnecting to endpoint ‘master’ via host ‘masterl’ and port ‘5665’
[2021-03-11 14:30:32 -0500] warning/ApiListener: Certificate validation failed for endpoint ‘master’: code 7: certificate signature failure
[2021-03-11 14:30:32 -0500] information/ApiListener: New client connection for identity ‘master’ to [master.server.ip.address]:5665 (certificate validation failed: code 7: certificate signature failure)

[2021-03-11 14:32:32 -0500] information/JsonRpcConnection: Closing anonymous connection [director.ip.address]:37574 after 10 seconds.
[2021-03-11 14:32:32 -0500] warning/JsonRpcConnection: API client disconnected for identity ‘director’
[2021-03-11 14:32:32 -0500] information/ApiListener: New client connection for identity ‘director’ from [director.ip.address]:37578 (certificate validation failed: code 7: certificate signature failure)
[2021-03-11 14:32:42 -0500] information/ApiListener: New client connection for identity 'directir from [director.ip.address]:37584 (certificate validation failed: code 7: certificate signature failure)

so, i searched, and found someone else who had the same issue I had. I followed his instructions, listed here:
stop the icinga2 service on master and satellite
remove the ca from the master (at /var/lib/icinga2/ca)
ran ‘icinga2 api setup’ on the master
remove all previous certs for the master (at /var/lib/icinga2/certs)
on the satellite, removed previous certs (at /var/lib/icinga2/certs))
ran the ‘icinga2 node wizard’ on the master
ran the ‘node wizard’ on the slave and when prompted, gernated the ticket.
on the master ran ‘ca sign’

This did not resolve my issue. I can only assume that the director somehow is keepting track of my certificates? I suppose my next step is to completely remove the master server and rebuild it, but I am not so certain that this will fix the issue. any input would help.

Deleting the server, and rebuilding it, reinstalling the master, and then running the node wizard on a brand new server did not fix the issue. The issue is somewhere on the director, or the web node, but I am unable to find where that configuration exists. Of course, it could also be in the database. Can someone direct me to how the certificates are signed, transfered and distributed throughout the icinga director? Thanks!

When I attempt to delete the master entry from the director, i get this error. Could it be related?
SQLSTATE[23000]: Integrity constraint violation: 1451 Cannot delete or update a parent row: a foreign key constraint fails (“director”.“icinga_service”, CONSTRAINT “icinga_service_zone” FOREIGN KEY (“zone_id”) REFERENCES “icinga_zone” (“id”) ON UPDATE CASCADE), query was: DELETE FROM icinga_zone WHERE (id = ‘10’)

eh, i found the problem with this one. There was an object that still was using master.

an update, but still not resolved. I searched the icinga database for the wrongly named server string, and i found it in the icinga_objects database. I removed it, but it did not solve the issue.

I also searched the icinga_web/director host to see if i could find the string there, and I was not able to find it. Could it be, somehow, that a certificate on the web instance is pointing to the master instance? I wouldn’t ever find it then.

At this point, rebuilding the entire environment may be quicker than attempting to track down the issue.

after re-deploying everything the original issue is fixed, but now I cannot get rid of this message:

warning/ApiListener: Unexpected certificate common name while connecting to endpoint

im impressed, this issue still persists. it appears to be a feature of icinga director and master…