how to remove a bad puppet certificate

occasionally a puppet client ends up with an ssl cert that differs from the one the server holds for it, e.g. after rebuilding an existing host. for the following, assume a client hostname of spam.example.com. to remove the existing certs from both the server and the client, do:

  • server (i.e., puppet.example.com)

    puppet cert --clean spam.example.com

  • client (spam.example.com)

    rm -rf /var/lib/puppet/ssl

this assumes that puppet is installed into the default location.
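
for hosts where the location is not the default, the client step can ask puppet for its ssl directory instead of hard-coding the path. the script below is an added example, not part of the original note: the function names are made up here, it assumes a puppet release that still ships `puppet cert` (where `puppet agent --configprint` is available), and it assumes the default layout in which the server keeps its ca under ssl/ca. it moves the directory aside instead of deleting it and refuses to act on the server.

```shell
#!/bin/sh
# Added example, not from the original page.

# Ask the agent for its ssldir instead of assuming /var/lib/puppet/ssl.
# Assumes a puppet release old enough to have `puppet cert`, where
# `puppet agent --configprint` is also available.
agent_ssldir() {
    puppet agent --configprint ssldir
}

# Move an agent ssldir aside rather than deleting it. Prints the backup
# path on success; on any failed check returns 1 and changes nothing.
reset_ssldir() {
    dir=${1%/}                      # "" and "/" both become ""
    case "$dir" in
        /*) ;;                      # absolute paths only
        *)  echo "refusing '$1': not an absolute directory path" >&2
            return 1 ;;
    esac
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "refusing '$dir': not a real directory" >&2
        return 1
    fi
    # An agent ssldir holds certs/ and private_keys/.
    if [ ! -d "$dir/certs" ] || [ ! -d "$dir/private_keys" ]; then
        echo "refusing '$dir': does not look like a puppet ssldir" >&2
        return 1
    fi
    # With default settings the CA lives in ssldir/ca on the server;
    # moving that would take the whole CA with it.
    if [ -d "$dir/ca" ]; then
        echo "refusing '$dir': contains ca/, this looks like the server" >&2
        return 1
    fi
    backup="$dir.bad.$(date +%Y%m%d%H%M%S)"
    mv "$dir" "$backup" && echo "$backup"
}

# usage on the client, as root:
#   reset_ssldir "$(agent_ssldir)" && puppet agent --test
```

the next agent run generates a new key and certificate request, which the server can sign once the old cert has been cleaned there.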