Time is an important factor in maintaining integrity between SSL connections. puppetlabs/ntp is usually the module most curated by Puppet, due to the fact that Puppet needs an accurate date and time on each node during a transaction. If you receive a message stating that the certificate revocation list (CRL) is not yet valid on your runs, ensure that NTP is properly configured across your nodes:
[root@wordpress puppet]# puppet agent -tWarning: Unable to fetch my node definition, but the agent run will continue:Warning: SSL_connect returned=1 errno=0 state=error: certificate verify failed: [CRL is not yet valid for /CN=Puppet Enterprise CA generated on pe-puppet-master at +2018-06-15 02:28:12 +0000]Info: Retrieving pluginfacts ...