TLS handshake errors all of a sudden (alll nodes)

[prologic]

Anyone seen or getting this error on their BurmillaOS ndoes:

2021-11-19 20:42:39.136737 I | http: TLS handshake error from <refacted>:55554: remote error: tls: unknown certificate authority

This is occurring on all 6 nodes all of a sudden overnight. I didn't do anything here. Regenerating the certs also doesn't appear to help.

[olljanat]

Can you share more details about your configuration? You say all nodes so are running swarm, kubernetes, etc? Or are those single nodes?

Which OS version? Which hypervisor/bare metal?

Also where you see that error?

Probably it would good idea create issue and will details asked on it too.

[prologic]

I will answer and solve my own question.

TL;DR: Expired Root CA.

Turns out the following happened:

• My docker-machine CA expired.
• This is the CA used by all my Docker Swarm nodes running BurmillaOS (I would never use Kubernetes :D)
• Apparently docker-machine regenerate-certs does not care for, nor chec or attempt to update an old expired CA it used previously.
• But docker-machine create -f -d generic ... does.

Basically I manage all my (still) via docker-machine's generic driver.

I could switch to using the newer docker context over SSH tunnels, but I just can't be bothered changing my habits 😅

[prologic]

I will answer and solve my own question.

TL;DR: Expired Root CA.

Turns out the following happened:

• My docker-machine CA expired.
• This is the CA used by all my Docker Swarm nodes running BurmillaOS (I would never use Kubernetes :D)
• Apparently docker-machine regenerate-certs does not care for, nor chec or attempt to update an old expired CA it used previously.
• But docker-machine create -f -d generic ... does.

Basically I manage all my (still) via docker-machine's generic driver.

I could switch to using the newer docker context over SSH tunnels, but I just can't be bothered changing my habits 😅