On the Foreman server I had to run:
puppet cert clean client-certname
On the client:
rm -rf /var/lib/puppet/ssl
and
puppet agent -td --server=<foremanservername>
Additional Hints
To fix this, remove the certificate from both the master and the agent and then start a puppet run, which will automatically regenerate a certificate.
On the master:
puppet cert clean <fqdn-hostname>
On the agent:
1a. On most platforms: find /var/lib/puppet/ssl -name <fqdn-hostname>.pem -delete
1b. On Windows: del "\var\lib\puppet\ssl\certs\<fqdn-hostname>.pem" /f
2. puppet agent -t
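
The agent-side cleanup from step 1a as a guarded shell function, an added example that is not part of the original post: it deletes only the named agent's PEM files and leaves the cached CA certificate and CRL in place, which rm -rf on the whole ssl directory would also delete. The function names, the web01.example.test certname and the sample directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove one agent's PEM files from a Puppet ssl directory
# while keeping the cached CA certificate (certs/ca.pem) and CRL (crl.pem).

# purge_agent_cert SSLDIR CERTNAME
# Prints each file it removes. Returns 0 on success, 2 on bad arguments.
purge_agent_cert() {
    ssldir=$1
    certname=$2

    # Reject empty names and anything find -name would treat as a glob or
    # that could point outside the directory (slashes, wildcards, spaces).
    case "$certname" in
        ''|*[!A-Za-z0-9._-]*)
            echo "refusing certname: '$certname'" >&2
            return 2 ;;
    esac
    [ -d "$ssldir" ] || { echo "no such ssl dir: $ssldir" >&2; return 2; }

    # Same match as step 1a above; -print records what was deleted.
    find "$ssldir" -type f -name "$certname.pem" -print -delete
}

# Constructed layout mimicking an agent ssl directory (contents are dummies).
make_sample_ssldir() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/certs" "$d/private_keys" "$d/public_keys" \
             "$d/certificate_requests"
    for f in certs/ca.pem crl.pem \
             certs/web01.example.test.pem \
             private_keys/web01.example.test.pem \
             public_keys/web01.example.test.pem \
             certificate_requests/web01.example.test.pem; do
        echo dummy > "$d/$f"
    done
    echo "$d"
}
```

On a real agent the call would be purge_agent_cert /var/lib/puppet/ssl <fqdn-hostname>, followed by puppet agent -t as in step 2.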