Swarm manager cert with start date in the future: Failing with: Error response from daemon: error while validating Root CA Certificate: x509: certificate has expired or is not yet valid #400
[x] I searched existing issues before opening this one
Situation
I have 3 nodes that I want to play with managers and workers. My first one (Debian) I made it into a swarm manager:
root@debiancli:~# docker swarm init --advertise-addr 192.168.182.129
Swarm initialized: current node (mkg6ecl3x28uyyqx7gvzz0ja3) is now a manager.
To add a worker to this swarm, run the following command:
docker swarm join --token SWMTKN-1-47h52q7mpdkhbi4dsqyjt7pnjqgvm4oxxfh87k6e2hoj8f4op0-2p1zkg309owyophvk95bw7rj0 192.168.182.129:2377
To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.
On my second soon-to-be node (CentOS), I tried to join it to the cluster:
[root@centostraining ~]# docker swarm join --token SWMTKN-1-47h52q7mpdkhbi4dsqyjt7pnjqgvm4oxxfh87k6e2hoj8f4op0-2p1zkg309owyophvk95bw7rj0 192.168.182.129:2377
Error response from daemon: error while validating Root CA Certificate: x509: certificate has expired or is not yet valid
but it said, as shown above, that the certificate is not valid (date issue). I checked the date on my Debian and it is fine
root@debiancli:~# date
Tue Aug 14 22:02:29 EDT 2018
I also checked the date in my CentOS:
[root@centostraining ~]# date
Ter Ago 14 22:05:05 -03 2018
Now, I checked my swarm manager CA cert date:
root@debiancli:~# docker swarm ca | openssl x509 -noout -text | grep -E "Before|After"
Not Before: Aug 15 01:58:00 2018 GMT
Not After : Aug 10 01:58:00 2038 GMT
So, weirdly enough, my certificate was generated to start the day after it was generated?
Then on my future node (CentOS), if I change the date:
[root@centostraining ~]# date +%Y%m%d -s "20180816"
20180816
[root@centostraining ~]# date
Qui Ago 16 00:00:01 -03 2018
[root@centostraining ~]# docker swarm join --token SWMTKN-1-47h52q7mpdkhbi4dsqyjt7pnjqgvm4oxxfh87k6e2hoj8f4op0-2p1zkg309owyophvk95bw7rj0 192.168.182.129:2377
This node joined a swarm as a worker.
Voilá, it now works as expected. Can anyone explain why my swarm ca cert is "in the future"?
Output of docker version:
# docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:09:33 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:07:38 2018
OS/Arch: linux/amd64
Experimental: false
Situation
I have 3 nodes that I want to play with managers and workers. My first one (Debian) I made it into a swarm manager:
On my second soon-to-be node (CentOS), I tried to join it to the cluster:
but it said, as shown above, that the certificate is not valid (date issue). I checked the date on my Debian and it is fine
I also checked the date in my CentOS:
Now, I checked my swarm manager CA cert date:
So, weirdly enough, my certificate was generated to start the day after it was generated? Then on my future node (CentOS), if I change the date:
Voilá, it now works as expected. Can anyone explain why my swarm ca cert is "in the future"?
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.)