This repository has been archived by the owner on Sep 26, 2021. It is now read-only.

Error checking and/or regenerating the certs #4553

Open
anentropic opened this issue Aug 6, 2018 · 9 comments

@anentropic

$ eval $(docker-machine env mymachine)
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

$ docker-machine regenerate-certs mymachine
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

$ eval $(docker-machine env mymachine)
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

$ docker-machine restart mymachine
Restarting "mymachine"...
(depop) Check network to re-create if needed...
(depop) Waiting for an IP...
Waiting for SSH to be available...
Detecting the provisioner...
Restarted machines may have new IP addresses. You may need to re-run the `docker-machine env` command.

$ eval $(docker-machine env mymachine)
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

$ docker-machine provision mymachine
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

$ eval $(docker-machine env mymachine)
Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "192.168.99.100:2376": x509: certificate has expired or is not yet valid
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which might stop running containers.

Nothing works...

I have done this in the past no prob. I haven't upgraded recently AFAIK

$ docker-machine --version
docker-machine version 0.13.0, build 9ba6da9

@anentropic
Author

this is VirtualBox 5.1.18 on macOS 10.13.6

@anentropic
Author

upgrading to 0.14, no joy

$ docker-machine --version
docker-machine version 0.14.0, build 89b8332

$ docker-machine regenerate-certs mymachine
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Waiting for SSH to be available...
Detecting the provisioner...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...

$ docker-machine upgrade mymachine
Waiting for SSH to be available...
Detecting the provisioner...
Unable to query docker version: Get https://192.168.99.100:2376/v1.15/version: x509: certificate has expired or is not yet valid

@anentropic
Author

the machine was working fine on Friday

I stopped it over the weekend to free up resources on my laptop, and now starting it again it complains about the certs

@anentropic
Author

well, I rmd the machine and recreated it and that works at least

@wholeinsoul

I started seeing the same issue since yesterday. And removing or using a new machine is not helping.

@daniel-kranowski

daniel-kranowski commented May 12, 2019

@wholeinsoul Sounds like you need to regenerate client certs and not just machine certs.

Machine certs are signed by the same CA as found in the client certs, so if the client CA has expired then you would just be producing expired machine certs again until you regen the client CA.

If that's your situation, this would fix it:

docker-machine regenerate-certs --client-certs default  # if 'default' is your broken machine

For some reason when I last did this it did not propagate the new client-certs into the machine, so I had to run it a second time without the --client-certs option.
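
Added example, not part of the original thread and not docker-machine's own code: a Go program (the `x509:` error text in this issue comes from Go's `crypto/x509`) showing the point made in the comment above, that a freshly issued machine cert still fails verification with "expired" when the CA that signed it has expired. The certificate names, lifetimes and the helpers `issue` and `FreshLeafExpired` are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue creates a constructed cert valid in [from, until]; nil parent = self-signed CA.
func issue(cn string, from, until time.Time, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(from.UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: until, IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil { // self-signed: the template is its own issuer
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// FreshLeafExpired signs a brand-new machine cert with a CA that is valid until
// caUntil, verifies it against that CA, and reports whether Verify says "expired".
func FreshLeafExpired(caUntil time.Time) (bool, error) {
	now := time.Now()
	ca, caKey := issue("constructed CA", now.AddDate(-3, 0, 0), caUntil, nil, nil)
	leaf, _ := issue("constructed machine", now.Add(-time.Hour), now.AddDate(1, 0, 0), ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: now})
	inv, ok := err.(x509.CertificateInvalidError)
	return ok && inv.Reason == x509.Expired, err
}

func main() {
	fmt.Println(FreshLeafExpired(time.Now().AddDate(0, 0, -1))) // CA expired yesterday
}
```

The machine cert here is one hour old and valid for a year, yet verification reports the same expiry error, because every certificate in the chain, including the CA, is checked against the current time.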

@daniel-kranowski

Caveat to the above comment: If your machine has been around long enough for the client CA to expire, then some other things might have changed in the various docker executables since then. For example, I just upgraded docker-machine from 0.6.0 to 0.16.0 in order to get the --client-certs option, and the default storage driver has changed from aufs to overlay2, so it confused my old machine by trying to use the newer driver. I had to ssh into the machine, edit /var/lib/boot2docker/profile and reset DOCKER_STORAGE back to aufs to reuse this old machine. If you are willing to delete the old machine and start over then this would not be an issue.

@bfraku

bfraku commented Feb 10, 2020

To add to @daniel-kranowski's last comment, if you don't know the ssh password for the machine, you can also access the machine directly through VirtualBox.

@mirr254

mirr254 commented Jun 12, 2020

I am facing this issue also. I am using the digitalocean driver.
When I regenerate using @daniel-kranowski's solution for --client-certs, it still doesn't work. It's stuck here:

➜  dogvscat git:(master) ✗ docker-machine regenerate-certs --client-certs dvc1 dvc2 dvc3
Regenerate TLS machine certs?  Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Regenerating local certificates
Regenerating local certificates
Regenerating local certificates
Waiting for SSH to be available...
Waiting for SSH to be available...
Waiting for SSH to be available...

Then ended up with Too many retries waiting for SSH to be available. Last error: Maximum number of retries (60) exceeded
