Troubleshoot root certificate authorities

If one of the nodes goes offline during MKE cluster CA rotation, it can prevent other nodes from finishing the rotation. In this event, to unblock other nodes, remove the offline node from the cluster by running the docker node rm --force <node_id> command from any manager node. Thereafter, once the rotation is done, the node can rejoin the cluster.

If the CA rotation was only partially successful, having left some nodes in an unhealthy state, you can attempt to remove and rejoin the problematic nodes.

For more detail, refer to Join Nodes.

Note

Be aware that if the troubleshooting procedures detailed herein do not work, it may be necessary to restore the cluster using the backup.