How to change Puppet SSL certificates

Problem:
The hostname of the linux vm is mxktl01, but I changed successfully Katello url to katello.<domain>.net
I want to do the same with Puppet server.
The issue is I get errors on the SSL certificate because the certificate used is still with the old name.

Following is output from my test machine

[root@mxmlz01 puppet]# puppet agent -t
Info: Using environment 'production'
Error: Server hostname 'katello.<domain>.net' did not match server certificate; expected one of mxktl01.<domain>.net, DNS:puppet, DNS:mxktl01.<domain>.net
Error: Could not retrieve catalog from remote server: Server hostname 'katello.<domain>.net' did not match server certificate; expected one of mxktl01.<domain>.net, DNS:puppet, DNS:mxktl01.<domain>.net
Warning: Not using cache on failed catalog
Error: Could not retrieve catalog; skipping run
Error: Could not send report: Server hostname 'katello.<domain>.net' did not match server certificate; expected one of mxktl01.<domain>.net, DNS:puppet, DNS:mxktl01.<domain>.net

puppet.conf on the client machine

[agent]
    server = katello.<domain>.net
    serverport = 8140
    runinterval = 1800

This is what I’ve tried without luck:

foreman-installer \
 --certs-server-cert /root/<domain>_certs/<domain>_net.crt \
 --certs-server-key /root/<domain>_certs/private.key \
 --certs-server-ca-cert /root/<domain>_certs/<domain>_net.ca-bundle \
 --foreman-proxy-puppet-ssl-ca /etc/puppetlabs/puppet/ssl/<domain>_certs/<domain>_net.ca-bundle \
 --foreman-proxy-puppet-ssl-cert /etc/puppetlabs/puppet/ssl/<domain>_certs/<domain>_net.crt \
 --foreman-proxy-puppet-ssl-key /etc/puppetlabs/puppet/ssl/<domain>_certs/private.key \
 --foreman-plugin-puppetdb-ssl-ca-file /etc/puppetlabs/puppet/ssl/<domain>_certs/<domain>_net.ca-bundle \
 --foreman-plugin-puppetdb-ssl-certificate /etc/puppetlabs/puppet/ssl/<domain>_certs/<domain>_net.crt \
 --foreman-plugin-puppetdb-ssl-private-key /etc/puppetlabs/puppet/ssl/<domain>_certs/private.key \
 --certs-update-all 

Expected outcome:
Puppet agent not giving SSL error
Foreman and Proxy versions:
Foreman 2.5.4
Foreman and Proxy plugin versions:
Katello 4.1.4

Distribution and version:
CentOS 7
Other relevant data: