Many thanks for the re-signing of the CA idea. I can report that it worked for me, although I had to run the webrick version of puppetmaster to regenerate the puppet master's certificate.
Since I have a full mcollective deployment as well, I was able to use the following steps to automate the cert regen on my clients: puppet cert clean <host> mco puppet resource exec "/bin/rm -rf /var/lib/puppet/ssl/*" -W fqdn=<host> mco puppet runonce -W fqdn=<host> puppet cert sign <host> I think I'll run a nightly cron job off my puppet server to search for certificate files that are within 14 days of expiring, and auto-regen them using this method. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/69509286-2f96-49cd-8b5c-2d5dc9f285da%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.