5.3. Cleaning up SSL certificates
Due to the volatile nature of Genome machines there occasionally comes a need to clean up SSL certificates. To clean up all Puppet certs you can simply stop the puppetmaster (in the case of a Repo Appliance) and puppetd services and then remove /var/lib/puppet/ssl. When you start the services back up the certificates will be created anew.
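The cleanup above as a shell function, added here as an example and not part of the Genome documentation. It moves the directory aside instead of deleting it, so the old keys can be restored if the reset was a mistake; the function name, the SERVICE_CMD variable and the /sbin/service path are assumptions.

```shell
#!/bin/sh
# Added example: reset Puppet's SSL state with a guard and a rollback copy.
# SERVICE_CMD is an assumed override point (default: /sbin/service) so the
# function can be dry-run without touching real services.
SERVICE_CMD="${SERVICE_CMD:-/sbin/service}"

# reset_puppet_ssl SSLDIR SERVICE...
#   Stops the named services, moves SSLDIR aside, starts the services again.
#   Prints the path of the moved-aside copy on stdout.
reset_puppet_ssl() {
    ssldir=$1
    shift

    # Guard: only act on a directory that looks like Puppet's ssl dir,
    # so a mistyped path is never moved or lost.
    [ -d "$ssldir/certs" ] && [ -d "$ssldir/private_keys" ] || {
        echo "refusing: $ssldir does not look like a Puppet ssl dir" >&2
        return 1
    }

    # Stop the services first so nothing rewrites the directory mid-move.
    for svc in "$@"; do
        $SERVICE_CMD "$svc" stop >&2 || return 2
    done

    # Move aside instead of deleting. The copy still holds private keys,
    # so keep it readable by its owner only and delete it once the new
    # certificates are confirmed working.
    backup="$ssldir.$(date +%Y%m%d%H%M%S)"
    mv "$ssldir" "$backup" || return 3
    chmod 700 "$backup"

    # On start the services create their certificates anew.
    for svc in "$@"; do
        $SERVICE_CMD "$svc" start >&2 || return 4
    done

    echo "$backup"
}

# On a Repo Appliance (run as root):
#   reset_puppet_ssl /var/lib/puppet/ssl puppetmaster puppetd
# On an ordinary Genome machine:
#   reset_puppet_ssl /var/lib/puppet/ssl puppetd
```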
Sometimes the Puppetmaster will have a cert that corresponds to a machine previously provisioned with the same hostname. Our bootstrap process cleans this up automatically, but it's not hard to get into a state where it will need to be cleaned manually on the Puppetmaster side. Luckily this is easy to do, and the error from Puppet even hints at how to do it. Log in to your Repo Appliance as the local user (usually genome) and run:
    sudo /usr/sbin/puppetca --clean [your hostname]
sudo access to puppetca has been given to the local Genome user.