Use puppetca to list and remove certificates

puppetca-list-clean.sh

# You can use puppetca --list fqdn for a specific fqdn or puppetca --list --all to show all
# This example shows that li220-252.members.linode.com exists
[root@puppet ~] puppetca --list li220-252.members.linode.com
+ li220-252.members.linode.com (88:80:14:7A:67:F6:A3:B8:F3:AB:7F:59:FC:8A:29:31)

# This example shows that li220-252.members.linode.com does not exist
[root@puppet ~] puppetca --list li220-252.members.linode.com
err: Could not call list: Could not find a certificate for li220-252.members.linode.com

# If the certificate already exists you should remove it before requesting a new connection
[root@puppet ~] puppetca --clean li220-252.members.linode.com
notice: Revoked certificate with serial 9
notice: Removing file Puppet::SSL::Certificate li220-252.members.linode.com at '/var/lib/puppet/ssl/ca/signed/li220-252.members.linode.com.pem'
notice: Removing file Puppet::SSL::Certificate li220-252.members.linode.com at '/var/lib/puppet/ssl/certs/li220-252.members.linode.com.pem'