Regenerate replica certificates
Regenerate replica certificates for your disaster recovery installation to specify a new DNS alt name or other trusted data, or if you recreated your certificate authority.
On your primary server, log in as root, and run the following command. Specify any additional parameters required for your environment and use case.
puppet infrastructure run regenerate_replica_certificate target=<REPLICA_HOSTNAME>
- If you use DNS alternative names, specify dns_alt_names as a comma-separated list of names to add to agent certificates. To ensure naming consistency, if your puppet.conf file includes a dns_alt_names entry, you must include the dns_alt_names parameter and pass in all alternative names included in the entry when regenerating your agent certificates.
- If you recreated your certificate authority, or are otherwise unable to connect to the replica with the orchestrator, specify --use-ssh and any additional parameters needed to connect over SSH.
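One way to avoid dropping an alternative name when a puppet.conf already has a dns_alt_names entry is to build the command from that file. This is an added example, not part of the Puppet documentation: it reads every dns_alt_names entry from a puppet.conf and prints the regenerate command with the full list for review before you run it. The function names, the sample file and the hostnames are constructed for illustration, and the key=value form for dns_alt_names is assumed to match the target= parameter shown above.

```shell
#!/bin/sh
# Added example (not from the Puppet documentation).

# Print every dns_alt_names value found in a puppet.conf-style file as one
# comma-separated list: all sections merged, order kept, duplicates dropped.
collect_alt_names() {
  awk -F= '
    /^[ \t]*[#;]/ { next }                    # ignore commented-out settings
    $1 ~ /^[ \t]*dns_alt_names[ \t]*$/ {
      sub(/^[^=]*=/, "")                      # drop "dns_alt_names ="
      n = split($0, parts, ",")
      for (i = 1; i <= n; i++) {
        name = parts[i]
        gsub(/^[ \t]+|[ \t]+$/, "", name)     # trim surrounding whitespace
        if (name != "" && !(name in seen)) {
          seen[name] = 1
          out = (out == "" ? name : out "," name)
        }
      }
    }
    END { print out }
  ' "$1"
}

# Print (do not run) the command for the primary.
# $1 = replica hostname, $2 = puppet.conf to read alt names from.
build_regen_command() {
  names=$(collect_alt_names "$2")
  cmd="puppet infrastructure run regenerate_replica_certificate target=$1"
  if [ -n "$names" ]; then
    cmd="$cmd dns_alt_names=$names"
  fi
  printf '%s\n' "$cmd"
}

# Constructed sample puppet.conf; hostnames are placeholders.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[main]
certname = primary.example.com
dns_alt_names = puppet, puppet.example.com
[agent]
# dns_alt_names = commented.example.com
dns_alt_names=puppet.example.com,replica.example.com
EOF

build_regen_command replica.example.com "$SAMPLE_CONF"
```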
Results
The replica's SSL directory is backed up to /etc/puppetlabs/puppet/ssl_bak, its certificate is regenerated and signed, a Puppet run completes, and the replica resumes its role in your deployment.