“error validating certificates” when using docker-machine in GCE

When attempting to create a docker-machine on GCE from my machine, the following error appears:

$ docker-machine create --driver google \
    --google-project $PROJECT_ID \
    --google-zone $GOOGLE_ZONE \
    --google-machine-type $GOOGLE_MACHINE_TYPE \
    test-docker-machine
Running pre-create checks...
(test-docker-machine) Check that the project exists
(test-docker-machine)) Check if the instance already exists
Creating machine...
(test-docker-machine) Generating SSH Key
(test-docker-machine) Creating host...
(test-docker-machine) Opening firewall ports
(test-docker-machine) Creating instance
(test-docker-machine) Waiting for Instance
(test-docker-machine) Uploading SSH Key
Waiting for machine to be running, this may take a few minutes...
Detecting operating system of created instance...
Waiting for SSH to be available...
Detecting the provisioner...
Provisioning with ubuntu(systemd)...
Installing Docker...
Copying certs to the local machine directory...
Copying certs to the remote machine...
Setting Docker configuration on the remote daemon...
Checking connection to Docker...
Error creating machine: Error checking the host: Error checking and/or regenerating the certs: There was an error validating certificates for host "104.199.63.145:2376": dial tcp 104.199.63.145:2376: i/o timeout
You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
Be advised that this will trigger a Docker daemon restart which will stop running containers.

I tried to use docker-machine regenerate-certs test as advised, but it did not seem to correct anything:

    $ docker-machine regenerate-certs test-docker-machine
    Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
    Regenerating TLS certificates
    Waiting for SSH to be available...
    Detecting the provisioner...
    Installing Docker...
    Copying certs to the local machine directory...
    Copying certs to the remote machine...
    Setting Docker configuration on the remote daemon...
    
    $ docker-machine env test-docker-machine
    Error checking TLS connection: Error checking and/or regenerating the certs: There was an error validating certificates for host "104.199.63.145:2376": dial tcp 104.199.63.145:2376: i/o timeout
    You can attempt to regenerate them using 'docker-machine regenerate-certs [name]'.
    Be advised that this will trigger a Docker daemon restart which will stop running containers.
    

Moreover, “docker-machine ls” displays the ‘Timeout’ STATE for the machine, but the SSH connection with “docker-machine ssh test-docker-machine” works correctly.

Can you please help me figure out this issue?

Here are the details of my installation:

    $ docker-machine version
    docker-machine version 0.8.2, build e18a919
    
    $ docker version
    Client:
    Version: 1.11.0
    API version: 1.23
    Go version: go1.5.4
    Git commit: 4dc5990
    Built: Wed Apr 13 18:40:36 2016
    OS/Arch: linux/amd64
    
    Server:
    Version: 1.11.0
    API version: 1.23
    Go version: go1.5.4
    Git commit: 4dc5990
    Built: Wed Apr 13 18:40:36 2016
    OS/Arch: linux/amd64
    

Last hint: when I try the same from a GCE host, it works perfectly…

2 solutions collected from the web for ““error validating certificates” when using docker-machine in GCE”

As @NateQ suggested, the solution was to override the docker-machine default Google image (which is ubuntu-1510-wily-v20151114, as specified in the docs: https://docs.docker.com/machine/drivers/gce/) with the latest Ubuntu image by using the option

    --google-machine-image https://www.googleapis.com/compute/v1/projects/ubuntu-os-cloud/global/images/ubuntu-1604-xenial-v20161205

in the “docker-machine” command line.

In my case, it was the wrong Host-Only Network connections that were configured. I disabled the new ones, re-enabled the older connections and reconfigured the boot2docker VM on VirtualBox to solve the problem.
YMMV on Google VMs accordingly.
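
The wrapped error in the question ends in `dial tcp …: i/o timeout`, which is a TCP connect failure on port 2376 rather than a certificate problem. The following added example (not from the original posts or from docker-machine itself) separates the stages; `classify`, `probe` and the `STAGES` pattern list are names and assumptions introduced here for illustration.

```python
import re
import socket
import ssl

# Root-cause text at the tail of the wrapped error, mapped to the failing stage.
# Patterns are Go error strings; the list is illustrative, not exhaustive.
STAGES = [
    (r"x509:", "certificate"),          # chain or name verification failed
    (r"(?i)tls", "handshake"),          # TLS alert or handshake failure
    (r"i/o timeout|connection refused|no route to host", "network"),
]

def classify(error_text):
    """Return (host, port, stage) parsed from a docker-machine error, or None."""
    m = re.search(r'for host "([^":]+):(\d+)": (.*)', error_text)
    if not m:
        return None
    host, port, cause = m.group(1), int(m.group(2)), m.group(3)
    for pattern, stage in STAGES:
        if re.search(pattern, cause):
            return host, port, stage
    return host, port, "unknown"

def probe(host, port, ca, cert, key, timeout=5.0):
    """Repeat the check live: TCP connect first, then mutual TLS."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:              # timeout, refused, unreachable
        return "network", str(exc)
    try:
        ctx = ssl.create_default_context(cafile=ca)
        ctx.load_cert_chain(cert, key)
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", tls.version()
    except ssl.SSLCertVerificationError as exc:
        return "certificate", exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        return "handshake", str(exc)
    finally:
        sock.close()

# The error line from the question above.
QUESTION_ERROR = ('There was an error validating certificates for host '
                  '"104.199.63.145:2376": dial tcp 104.199.63.145:2376: i/o timeout')

if __name__ == "__main__":
    print(classify(QUESTION_ERROR))     # stage is "network", not "certificate"
```

A "network" result points at reachability of the daemon port (firewall rules, or the daemon not listening), which regenerating certificates does not change.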
