Why do my SERVER certs get revoked?

[Dayton Jones]

I'm intermittently getting 

     Warning: SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed: [certificate revoked for /CN=my.puppet.master] 

when clients try to connect...this is very random and could go months without the error, but I've got it several times in the last 3 days.  The "fix" is stop the puppetmaster, remove it's certs/regen and restart puppetmaster and then have the clients reattempt the connection...

But WHY is the cert getting revoked?  What can I look at to see why this happens, I've checked the logs but don't see anything that sticks out...  Server/clients are all synced and agree on the time, DNS is working properly... any pointers would be greatly appreciated.

[John Gelnaw]

Check your time on client and server.