This is very important under certain situations. For example, when a new node comes up which existed previously, then you should to regenerate the SSL stuff, deleting the local CSR and certificates, and clear the signed certificate in the puppet server too.
Inside the node
find /etc/puppetlabs/puppet/ssl/certs/ -type f -name "$(hostname --fqdn).pem" -delete
If after applying this you still have issues…
sudo rm -fr /etc/puppetlabs/puppet/ssl/*
On the Puppet Server
Take a look to the list of signed certificates
puppet cert list --all
Delete the certificates of the right nodes
puppet cert clean $fqdn_of_the_node
How to repair a set of puppet nodes in a loop.
You should execute that from the SSH bastion
Be careful with the role, think that we’ve these: {eureka,hazelcast,mqtt}-{dev,stg,tmm}-{001..003}
for node in eureka-dev-{001..003}.fon.int; do
ssh $node "sudo find /etc/puppetlabs/puppet/ssl -type f -name $node.fon.int.pem -delete; sudo /opt/puppetlabs/puppet/bin/puppet agent -vt"
done