Does 'puppet ssl bootstrap' only result in a new certificate if the existing one is expired?
Currently we have a process that backs up the ssl directory, deletes it, and forces a puppet agent run:
puppet agent -t --tag=nosuchtag
The backing up and deleting of 'ssl' seems over kill but we are trying to renew our certificates monthly. Also, we insert a OTP into the car_attributes.yaml file, and it is rather short lived.
Thanks,
Bob