RE: Adding new host to pool fails - Stunnel SSL certiticate verification failure

@Bryanvh Looking at the code, I saw that an exchange was taking place via this certificate.

So when you told me that the master certificate was missing, I tried to put myself in the same situation as you (by removing the certificate) and trying to join the pool.
Having encountered the same error as you, I determined that running these commands fixed the problem.

Indeed, I think the upgrade from 8.2 to 8.3 is the cause. To be more precise, a change occurred in the XAPI during the certificate exchange in version 8.2, and I think it's possible that your 8.2 host wasn't up to date when it upgraded to 8.3 (I'm not sure).

In any case, I'm glad your problem is solved.

@Bryanvh I think I've managed to reproduce the issue. The fact that the master's certificate is missing from /etc/stunnel/certs-pool/ seems to be the problem.

On the master, run xe host-refresh-server-certificate host=$(hostname) and then xe pool-certificate-sync.

Then, if you run ls -l /etc/stunnel/certs-pool, you should see a certificate with the same name as your master's UUID. It should end with .pem. If it ends with .new.pem, I recommend copying the certificate, removing the .new (which can apparently cause problems).

You should then be able to join the pool from your host.

I hope this worked. Please let me know if it works.
Respectfully,