https requests during ignition fail due to out-of-sync system clock - X509 certificate not yet available

[Valdenhub]

Describe the bug
During a bare metal (Raspberry Pi 4) ignition, I'm unable to retrieve a remote ignition config from a trusted source, because the system time apparently has not been synced yet, even though the ignition process is already accessing internet no problem, judging from the ability to read the target certificate chain.

Reproduction steps
Steps to reproduce the behavior:

1. Create ignition config that merges or replaces from a https source
2. Ignite on bare metal, where the default system time could be a hit or miss. The system should have access to internet.

Expected behavior
Time synchronization should happen early on during the ignition, or at least be configurable.

Actual behavior
Https requests fail because the remote certificate is not valid yet.

System details

• Bare Metal - Raspberry Pi 4 Model B
• Fedora CoreOS version: 36.20221001.3.0

Butane config

variant: fcos
version: 1.4.0
ignition:
  config:
    merge:
      - source: https://url-to-ignition/file.ign

[travier]

That would be a feature request for Ignition to force a time sync using NTP/NTPS, but it would need a config to figure out which NTP/NTPS server to use.

[Valdenhub]

Moved the discussion to coreos/ignition#1484
Thanks for pointing me to right direction.

[bgilbert]

See coreos/ignition#870.