Fix “error during connect: Get https://10.10.18.10:2376/v1.37/containers/json: x509: certificate has expired or is not yet valid”

So…this happened lately:

$ docker ps
error during connect: Get https://xx.xx.xx.xx:xxxx/vx.xx/containers/json: x509: certificate has expired or is not yet valid

Browsing to the URL gave me:

This site can’t provide a secure connection
xx.xx.xx.xx didn’t accept your login certificate, or one may not have been provided.
Try contacting the system admin.
ERR_BAD_SSL_CLIENT_AUTH_CERT

journalctl -u docker.service says:

Jun 21 18:34:52 test-010 dockerd[6467]: http: TLS handshake error from 192.168.101.10:55620: remote error: tls: bad certificate
Jun 21 18:34:52 test-010 dockerd[6467]: http: TLS handshake error from 192.168.101.10:55621: remote error: tls: bad certificate

I checked if the private key and the certificate match:

# According to https://knowledge.digicert.com/solution/SO5794.html this:
root [ /etc/pki/tls ]# openssl rsa -modulus -noout -in private/my.key | openssl md5
(stdin)= 6712...ebe3

# and this:
root [ /etc/pki/tls ]# openssl x509 -modulus -noout -in certs/my.crt | openssl md5
(stdin)= 0119...7b80

# should be the same output.

# Recognizably they're not. However, I realized that my old certificate gives me:
root [ /etc/pki/tls ]# openssl x509 -modulus -noout -in certs/my.old.crt | openssl md5
(stdin)= 0119...7b80

# which is the same as the new certificate...

Sadly, in the end it turned out that the CA cert had to be renewed. Once that was done and replaced on the server as well as on the client in my /Users/worp/.docker/respectiveServerFolder, I was able to connect again.

Further reading