This is very important under certain situations. For example, when a new node comes up which existed previously, then you should to regenerate the SSL stuff, deleting the local CSR and certificates, and clear the signed certificate in the puppet server too.

### Inside the node

find /etc/puppetlabs/puppet/ssl/certs/ -type f -name "$(hostname --fqdn).pem" -delete  #### If after applying this you still have issues… sudo rm -fr /etc/puppetlabs/puppet/ssl/*  ### On the Puppet Server #### Take a look to the list of signed certificates puppet cert list --all  #### Delete the certificates of the right nodes puppet cert clean$fqdn_of_the_node


### How to repair a set of puppet nodes in a loop.

You should execute that from the SSH bastion
Be careful with the role, think that we’ve these: {eureka,hazelcast,mqtt}-{dev,stg,tmm}-{001..003}

for node in eureka-dev-{001..003}.fon.int; do
ssh $node "sudo find /etc/puppetlabs/puppet/ssl -type f -name$node.fon.int.pem -delete; sudo /opt/puppetlabs/puppet/bin/puppet agent -vt"
done