Re-authenticating under tailnet lock
When tailnet lock is enabled, each of your nodes stores tailnet-lock keys and other important data that should be preserved. As such, it’s important to re-authenticate your existing nodes when they expire, rather than login again.
If you see the following error after attempting to login:
You have a locked tailnet and this machine has already been registered. Please either delete the machine from the admin console and retry, or switch back to the profile and reauth. https://tailscale.com/s/reauth-under-tailnet-lock
That means that your login would have overwritten an existing login on your device, resulting in the destruction of a tailnet lock key and a locked out node.
Instead, reauthenticate your existing login by switching back to it and re-authenticating:
tailscale switch <your-username> tailscale up --force-reauth
If you did mean to overwrite your previous node with a new login, delete the machine from within the admin console before logging in again.