how to remove a bad puppet certificate

occasionally, puppet clients end up with an ssl cert that differs from the server, e.g. when rebuilding an existing host. for the following, assume a client hostname of to remove the existing certs from the server and client do:

  • server (i.e.,

    puppet cert --clean
  • client (

    rm -rf /var/lib/puppet/ssl

this assumes that puppet is installed into the default location.