When inviting followers to the cluster, the leader sends an invitation(securetoken-import) to followers including its secure channel certificate Root CA and Common Name of the leaf certificate.
The follower handles the invitation by issuing Secure Key Exchange GRPC back to the leader with the Root CA cert and Common Name(received in the invitation) used for validation during TLS handshake.
During this step, the follower nodes may use a cached default common name for validation during TLS handshake, thus, causing the secure key exchange between the leader and itself to fail.
Resolution
This issue has been fixed in 30.2.1 and later releases.
The recommendation is to upgrade the leader controller as a single node controller to the latest recommended release and then try to form the cluster again.
Please note that the followers will also have to be brought to the same version and patch version as the leader BEFORE the cluster formation is tried again.