
How to fix expired client cert in docker-machine


Doing a docker-machine ls, I got the unexpected Unable to query docker version: Get https://x.x.x.x:2376/v1.15/version: x509: certificate has expired or is not yet valid for every machine.

I hadn't done anything recently. Looking on SO, I tried some common culprits: VPN, virus, weird clock issues, etc. None of that applied. How can I make them useable again (via the docker-machine interface)?

Using Docker for Mac, 17.12.0-ce-49


Solution

  • Update - as I commented on 2/14/2018, this is now part of docker-machine.
    Try: docker-machine regenerate-certs --client-certs

    Historical answer below:


    First, docker-machine regenerate-certs does NOT regenerate the client certificate(s).

    After poking around with openssl I discovered that it was actually the client certificate that had expired. Verify:

    openssl x509 -in ~/.docker/machine/certs/cert.pem -text | grep "Not After"

    I tried recreating the certs in situ with the same ca.pem but it didn't work out (for me). I'm guessing it would have eventually worked, given a lot more time and trial and error.

    What eventually worked was backing up the whole dir, creating a dummy throwaway machine (to force docker-machine to create new certs), moving configs, ssh keys, and server certificates (not client certificates), then issuing a regenerate for each machine. NB, it's disruptive and painful. As the warning shows, docker-machine regenerate-certs will restart docker on the target machine. Though it's too late for me, I would like to see a better answer.

    The process looks something like:

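    #!/bin/bash
    
    cd ~/.docker || exit
    # Keep a full backup, then clear the directory so new certs get created
    cp -R machine machine.bak
    rm -rf machine
    # A throwaway machine forces docker-machine to create new certs
    docker-machine create deleteme
    docker-machine rm -f deleteme
    cd machine/machines || exit
    
    # Restore each machine directory from the backup
    for d in ~/.docker/machine.bak/machines/*/
    do
        m=$(basename "$d")
        cp -R "../../machine.bak/machines/$m" .
        # Swap the expired client cert and key for the newly created ones
        rm "$m/cert.pem"
        rm "$m/key.pem"
        cp ../certs/cert.pem "$m"
        cp ../certs/key.pem "$m"
        # Regenerate the server certs; this restarts docker on the machine
        docker-machine regenerate-certs -f "$m"
    done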
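
The openssl check in the answer above inspects only the shared client certificate. The script below is an added example, not part of the original answer: it applies the same kind of check to every certificate under the docker-machine directory, so an expired client cert.pem can be told apart from an expired per-machine server.pem. The function names, the 30-day warning window and the assumed layout (certs/ and machines/<name>/) are assumptions of this example.

```shell
#!/bin/bash
# Added example: report the expiry state of every certificate docker-machine
# keeps on the client. Layout assumed: <dir>/certs/*.pem (CA and client cert)
# and <dir>/machines/<name>/*.pem (per-machine copies and server cert).
MACHINE_DIR="${MACHINE_STORAGE_PATH:-$HOME/.docker/machine}"

# cert_status FILE [WARN_DAYS] -> prints expired | expiring | ok
cert_status() {
    local file="$1" warn_days="${2:-30}"
    # -checkend N exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -checkend 0 -noout -in "$file" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -checkend "$((warn_days * 86400))" -noout -in "$file" >/dev/null 2>&1; then
        echo expiring
    else
        echo ok
    fi
}

# report_certs [DIR] [WARN_DAYS] -> one line per certificate; returns 1 if any
# certificate is expired or expires within WARN_DAYS
report_certs() {
    local dir="${1:-$MACHINE_DIR}" warn_days="${2:-30}" rc=0 f status end
    for f in "$dir"/certs/*.pem "$dir"/machines/*/*.pem; do
        [ -f "$f" ] || continue
        # key.pem, ca-key.pem and server-key.pem hold private keys, not certificates
        grep -q 'BEGIN CERTIFICATE' "$f" || continue
        status=$(cert_status "$f" "$warn_days")
        end=$(openssl x509 -enddate -noout -in "$f" 2>/dev/null)
        printf '%-9s %-26s %s\n' "$status" "${end#notAfter=}" "$f"
        [ "$status" = ok ] || rc=1
    done
    return "$rc"
}

report_certs "$MACHINE_DIR" 30
```

The non-zero return value makes the script usable from cron or a CI job to flag certificates before they expire.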