OS: CentOS 7 VM
Docker latest version
Commands Executed:
1) docker swarm init
2) docker swarm join --token SWMTKN-1-3iqtmbz55yvhxkahe2ncs7d9ebxzlzmw1pwhqzvmcemiolef63-3muc4qjs3mbvh53t8ktzzmb22 192.168.10.108:2377
Error: Error response from daemon: error while validating Root CA Certificate: x509: certificate has expired or is not yet valid
As you can see, swarm join is giving me this error. What is the reason for this error and where is it coming from?
Regards Aditya
Had a similar issue because swarm init generated the CA certificate with a start date in the future, possibly due to NTP lag.
CA cert info may be acquired using the following command:
    docker swarm ca | openssl x509 -noout -text
The output will look something like this:
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number:
                ...
        Signature Algorithm: ecdsa-with-SHA256
            Issuer: CN=swarm-ca
            Validity
                Not Before: Oct 24 20:25:00 2018 GMT
                Not After : Oct 19 20:25:00 2038 GMT
            Subject: CN=swarm-ca
            Subject Public Key Info:
                Public Key Algorithm: id-ecPublicKey
                    Public-Key: (256 bit)
                    pub:
                        ...
                        ...
                        ...
                        ...
                    ASN1 OID: prime256v1
                    NIST CURVE: P-256
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Certificate Sign, CRL Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE
                X509v3 Subject Key Identifier:
                    ...
        Signature Algorithm: ecdsa-with-SHA256
             ...
             ...
             ...
             ...
You can see the range of validity is between Oct 24 20:25:00 2018 GMT and Oct 19 20:25:00 2038 GMT. If the machine trying to join the swarm doesn't have its clock in that interval, it will fail with that error.
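The daemon's error does not say whether the clock is before or after the window, so the sketch below compares the Validity lines with a clock value and reports which bound was missed and by how much. It is an added example, not part of the original answer; the function names and the script name in the usage comment are assumptions, and the sample text is copied from the output shown above.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the Validity lines from the `openssl x509 -noout -text` output above.
SAMPLE_TEXT = """\
        Validity
            Not Before: Oct 24 20:25:00 2018 GMT
            Not After : Oct 19 20:25:00 2038 GMT
"""

_FIELD = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s+GMT")


def validity_window(openssl_text):
    """Return (not_before, not_after) as UTC datetimes parsed from openssl text output."""
    found = {}
    for kind, stamp in _FIELD.findall(openssl_text):
        # openssl pads single-digit days with a space ("Oct  4"); normalise it first.
        stamp = " ".join(stamp.split())
        found[kind] = datetime.strptime(stamp, "%b %d %H:%M:%S %Y").replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("no complete Validity block found in input")
    return found["Before"], found["After"]


def check_clock(openssl_text, now=None):
    """Classify `now` (default: this host's clock) against the CA validity window."""
    now = now or datetime.now(timezone.utc)
    not_before, not_after = validity_window(openssl_text)
    if now < not_before:
        return "not-yet-valid", not_before - now  # how far the clock lags the CA
    if now > not_after:
        return "expired", now - not_after
    return "ok", min(now - not_before, not_after - now)  # margin to the nearest bound


if __name__ == "__main__":
    import sys
    # Usage on the joining node, with the CA PEM copied over from a manager:
    #   openssl x509 -noout -text < swarm-ca.pem | python3 check_ca_clock.py
    piped = "" if sys.stdin.isatty() else sys.stdin.read()
    status, delta = check_clock(piped or SAMPLE_TEXT)  # falls back to the sample
    print(f"{status}: {delta} from the nearest validity bound")
```

A "not-yet-valid" result with a delta of a few minutes points at clock skew between manager and worker rather than a bad certificate.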