cloudera-labs / cloudera-deploy

A general purpose framework for automating Cloudera Products
Apache License 2.0

keytool error: java.lang.Exception: Public keys in reply and keystore don't match #105

Closed HirossxD closed 1 year ago

HirossxD commented 1 year ago

Trying to deploy a CDP private cluster with Kerberos, Ranger and Auto-TLS.

playbook execution command:

ansible-playbook /runner/project/cloudera-deploy/main.yml -e "definition_path=/runner/project/cloudera-deploy/examples/sandbox" -e "profile=/home/runner/.config/cloudera-deploy/profiles/default" -t default_cluster,kerberos,tls  -i "/runner/project/cloudera-deploy/examples/sandbox/inventory_static.ini" --flush-cache

After execution, playbook fails on the task:

TASK [cloudera.cluster.tls_install_certs : Install signed certificate reply into keystore] ***
task path: /opt/cldr-runner/collections/ansible_collections/cloudera/cluster/roles/security/tls_install_certs/tasks/main.yml:126

with the error below (on each node):

fatal: [node1.domain.com]: FAILED! => {"changed": false, "cmd": "/usr/bin/keytool -importcert -alias \"node1.domain.com\" -file \"/opt/cloudera/security/pki/node1.domain.com.pem\" -keystore \"/opt/cloudera/security/pki/node1.domain.com.jks\" -storepass \"changeme\" -trustcacerts -noprompt\n", "delta": "0:00:00.247693", "end": "2023-01-09 13:27:30.366003", "failed_when_result": true, "msg": "non-zero return code", "rc": 1, "start": "2023-01-09 13:27:30.118310", "stderr": "", "stderr_lines": [], "stdout": "keytool error: java.lang.Exception: Public keys in reply and keystore don't match", "stdout_lines": ["keytool error: java.lang.Exception: Public keys in reply and keystore don't match"]}

Any idea why this is happening?

I have tried to import certs manually via

/usr/bin/keytool -importcert -alias node1.domain.com -file /opt/cloudera/security/pki/node1.domain.com.pem -keystore /opt/cloudera/security/pki/node1.domain.com.jks -trustcacerts -noprompt

And the cert has been added successfully...

HirossxD commented 1 year ago

The issue has disappeared after manually deleting the certs from the keystore, removing the /ca folder from [ca_server] and re-deploying the cluster several times.
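The failure in the first post and the fix in the follow-up both point at the same condition: keytool refuses a signed reply whose public key differs from the key pair already stored under that alias, which is what happens when a stale CA directory signs a request for a keystore that has since been regenerated. The check below is an added example, not code from cloudera-deploy or the issue author; it assumes openssl and the JDK keytool are on PATH and takes the keystore path, alias and store password from the playbook command above.

```shell
#!/bin/sh
# Added example (not part of cloudera-deploy): verify that a CA reply carries the
# same public key as the entry already in the JKS keystore before importing it.
set -u

# Print the SHA-256 fingerprint of the SubjectPublicKeyInfo of a PEM certificate.
# Returns non-zero if the file is not a parseable certificate.
pubkey_fingerprint() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || return 1
  openssl x509 -in "$1" -noout -pubkey \
    | openssl pkey -pubin -outform DER 2>/dev/null \
    | openssl dgst -sha256 \
    | awk '{print $NF}'
}

# Return 0 when both certificates carry the same public key, 1 when they differ,
# 2 when either file could not be read as a certificate.
same_public_key() {
  a=$(pubkey_fingerprint "$1") || return 2
  b=$(pubkey_fingerprint "$2") || return 2
  [ -n "$a" ] && [ "$a" = "$b" ]
}

# Export the certificate currently stored under an alias as PEM (JDK keytool).
# Arguments: keystore alias storepass outfile
keystore_entry_cert() {
  keytool -exportcert -rfc -keystore "$1" -alias "$2" -storepass "$3" -file "$4"
}

# Pre-flight check with the paths from the issue (hypothetical run on one node):
#   keystore_entry_cert /opt/cloudera/security/pki/node1.domain.com.jks \
#     node1.domain.com changeme /tmp/node1-current.pem
#   same_public_key /tmp/node1-current.pem /opt/cloudera/security/pki/node1.domain.com.pem \
#     || echo "keystore key pair does not match the reply; regenerate the CSR or the CA reply"
```

A mismatch means the reply was signed for a request from an older key pair, so re-importing it will keep failing until the keystore entry and the CA reply are produced from the same key.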