
Fix handling of internal cluster communications with expired certificate #2498

@stgraber

Is there an existing issue for this?

  • There is no existing issue for this bug

Is this happening on an up to date version of Incus?

  • This is happening on a supported version of Incus

Incus system details

Tested on 6.16

Instance details

No response

Instance log

No response

Current behavior

No response

Expected behavior

No response

Steps to reproduce

Get a cluster up and running with a certificate that's about to expire.
Let the certificate expire without pushing a newer version of it.

The cluster will then be unable to establish new internal connections.
Existing ones are fine so the API is still responding and DB access is functional, at least until Incus restarts. But any internal connection, whether to fetch instance runtime data or (more annoyingly) to push an updated certificate, fails.

The fix should be to change the certificate validation logic for cluster internal communications to require the certificate be an exact match but not require it to be otherwise valid.
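
The rule proposed above (exact match required, validity dates ignored) can be sketched with Go's `crypto/tls` as follows. This is an added example, not code from the issue or from the Incus code base; `pinnedTLSConfig` and `selfSigned` are hypothetical names and the certificates are constructed test data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// pinnedTLSConfig replaces Go's chain, hostname and expiry checks with one rule:
// the peer's leaf certificate must be byte-identical to the pinned certificate.
func pinnedTLSConfig(pinned *x509.Certificate) *tls.Config {
	return &tls.Config{
		InsecureSkipVerify: true, // acceptable only together with the exact-match check below
		VerifyConnection: func(cs tls.ConnectionState) error { // also runs on resumed sessions
			if len(cs.PeerCertificates) == 0 || !bytes.Equal(cs.PeerCertificates[0].Raw, pinned.Raw) {
				return fmt.Errorf("peer did not present the pinned cluster certificate")
			}
			return nil
		},
	}
}

// selfSigned builds a constructed self-signed test certificate with the given validity window.
func selfSigned(notBefore, notAfter time.Time) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: notBefore, NotAfter: notAfter}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	expired, err := selfSigned(time.Now().Add(-48*time.Hour), time.Now().Add(-24*time.Hour))
	if err != nil {
		panic(err)
	}
	state := tls.ConnectionState{PeerCertificates: []*x509.Certificate{expired}}
	fmt.Println("expired but pinned:", pinnedTLSConfig(expired).VerifyConnection(state))
}
```

A server-side listener would additionally need `ClientAuth: tls.RequireAnyClientCert` so that a peer certificate is always present for the check.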
