There's unfortunately no automated process, because of the chicken and egg problem, although you could automate the steps via orchestration tools like Ansible. If you're planning to automate via MCollective, remember that its certificates are usually also signed by the Puppet Master's CA so it will also have expired by now. I'd use Ansible for this, or do it manually if it's a handful of servers.
Essentially, it boils down to this:
- Clear and Regenerate Certs on Your Puppet Master
- Clear and Regenerate Certs for any Extensions
- Clear and Regenerate Certs for Puppet Agents
Puppet labs has documented the required steps in detail here: http://docs.puppetlabs.com/puppet/3.7/reference/sslregeneratecertificates.html
You're probably aware of this but 0.25.4 is a very old (almost 5 years old) and no longer updated version and it would be wise to upgrade. So many bugs have been fixed since that time and modern Puppet features allow you to do many cool things.