This is very important under certain situations. For example, when a new node comes up which existed previously, then you should to regenerate the SSL stuff, deleting the local CSR and certificates, and clear the signed certificate in the puppet server too.

Inside the node

find /etc/puppetlabs/puppet/ssl/certs/ -type f -name "$(hostname --fqdn).pem" -delete

If after applying this you still have issues…

sudo rm -fr /etc/puppetlabs/puppet/ssl/*

On the Puppet Server

Take a look to the list of signed certificates

puppet cert list --all

Delete the certificates of the right nodes

puppet cert clean $fqdn_of_the_node

How to repair a set of puppet nodes in a loop.

 You should execute that from the SSH bastion
 Be careful with the role, think that we’ve these: {eureka,hazelcast,mqtt}-{dev,stg,tmm}-{001..003}

for node in eureka-dev-{001..003}.fon.int; do
  ssh $node "sudo find /etc/puppetlabs/puppet/ssl -type f -name $node.fon.int.pem -delete; sudo /opt/puppetlabs/puppet/bin/puppet agent -vt"
done