
AIR-AP1572EAC-A-K9 access point stuck in downloading

rakesh nair
Level 1

Hi Team,

I have an issue with our network. We are using WLC8540 with version 8.5.161.0 and APs with model AIR-AP1572EAC-A-K9.

Two of the APs which were working earlier are now showing as Downloading and are stuck there.

We did a hard reboot of the APs, still no change.

The IPs are reachable, but we are not able to SSH.

Can anyone help here?


Accepted Solutions

rakesh nair
Level 1

We have performed the activity again.

Disabled NTP, set the date to 2022 April and then we reloaded the access points, which helped to get the APs to join the controller and register with the WLC.

Issue is solved now.

Thanks everyone for support.


15 Replies

rakesh nair
Level 1

I managed to SSH to the AP and this is the status.


Hi

  I would console to the AP and try to clear up capwap config. 

clear capwap ap all

rakesh nair
Level 1

The AP is placed on top of a pole and is difficult to remove. We have SSH access to the AP, but this command is not working in it.

rakesh nair
Level 1

Hi Leo,

Can you suggest how to disable and manually configure NTP in the WLC?

Workaround

For any WLC that has APs stuck in the downloading state:

  • Disable Network Time Protocol (NTP) on the WLC and manually set the WLC date/time to a date before December 2, 2022. The Cisco IOS AP will then be able to download and validate the image, install the new image, and join the controller. Once the AP has joined the controller, NTP can be re-enabled on the controller to assume the correct date and time.

Well go into your WLC GUI and change the NTP settings! Controller -> NTP -> Server, remove them, then Commands - Set Time
If you don't know how to do that then READ the documentation:
https://www.cisco.com/c/en/us/support/docs/wireless/4400-series-wireless-lan-controllers/113334-ntp-wlc-config-00.html
https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/network_time_protocol_setup.html

But really you need to upgrade to 8.5.182.7 or 8.10.185.0 (depending on what APs you're supporting) as per the links below to resolve the issue.

I have applied the workaround that you provided, but it's not helping. Also, the AP is now showing as not joined.

Look at the logs or provide the logs so that others can help.  The output from the ap will tell you why the ap is not joining.

-Scott
*** Please rate helpful posts ***


@rakesh nair wrote:
I have applied the workaround that you provided, but it's not helping. Also, the AP is now showing as not joined.

Tell us, exactly, what was done. 

I have applied the workaround that you provided
As the others have said describe EXACTLY what you did?
And provide the full logs (attach as a text file not a screenshot) on the AP from power on which will show why it doesn't join?

What you should be doing at a minimum is upgrade to 8.5.182.7 - have you done that?
Have you read all the field notices linked below?

The AP is placed on top of a pole in an airport and console access to the AP is very difficult. We need to rent out a lift to do that.

Also, upgrading the WLC, which is currently in production, on short notice, and that only for two APs, is very difficult to explain to management and get approval for.

The AP was able to join the WLC, but it being stuck in downloading was the issue. But now it is not able to join. In the WLC I am seeing the below error.

*osapiBsnTimer: Apr 09 09:41:09.033: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:3231 Failed to complete DTLS handshake with peer 10.24.200.139
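
An added example, not part of any post in this thread: a Python script that groups `%DTLS-3-HANDSHAKE_FAILURE` messages in the format quoted above by peer IP, showing which APs are failing the handshake and whether they keep retrying. Only the first sample line comes from the thread; the other lines, the `192.0.2.25` address, the year argument and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Matches the WLC message format quoted in the post above.
DTLS_FAIL = re.compile(
    r"^\*[^:]+: (?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}\.\d{3}): "
    r"%DTLS-3-HANDSHAKE_FAILURE: .*?"
    r"Failed to complete DTLS handshake with peer (?P<peer>\d{1,3}(?:\.\d{1,3}){3})\s*$"
)

def summarize_dtls_failures(lines, year, min_repeats=3):
    """Group DTLS handshake failures by peer (AP) IP address.

    The log carries no year, so the caller supplies it. Timestamps follow the
    WLC clock, which may have been set back by hand as in this thread.
    """
    seen = defaultdict(list)
    for line in lines:
        m = DTLS_FAIL.match(line.strip())
        if not m:
            continue  # any other message type is ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        seen[m["peer"]].append(ts)
    report = {}
    for peer, stamps in seen.items():
        stamps.sort()
        report[peer] = {
            "count": len(stamps),
            "first": stamps[0],
            "last": stamps[-1],
            # An AP that keeps retrying shows up as repeated failures.
            "repeating": len(stamps) >= min_repeats,
        }
    return report

# First line is from the thread; the rest are constructed sample data.
SAMPLE_LOG = """\
*osapiBsnTimer: Apr 09 09:41:09.033: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:3231 Failed to complete DTLS handshake with peer 10.24.200.139
*exampleTask: Apr 09 09:41:30.500: %EXAMPLE-6-INFO: unrelated constructed message
*osapiBsnTimer: Apr 09 09:42:14.120: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:3231 Failed to complete DTLS handshake with peer 10.24.200.139
*osapiBsnTimer: Apr 09 09:42:40.001: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:3231 Failed to complete DTLS handshake with peer 192.0.2.25
*osapiBsnTimer: Apr 09 09:43:19.207: %DTLS-3-HANDSHAKE_FAILURE: [PA]openssl_dtls.c:3231 Failed to complete DTLS handshake with peer 10.24.200.139
""".splitlines()

if __name__ == "__main__":
    for peer, info in summarize_dtls_failures(SAMPLE_LOG, 2023).items():
        print(peer, info["count"], info["first"], info["last"], info["repeating"])
```
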

Is it possible to SSH into the AP? 

I have 3700s in my network and my workaround does not follow the official Cisco FN:  

  1. SSH into the AP
  2. debug capwap console cli
  3. delete /f /r flash:c1570*
  4. archive tar /x tftp://<TFTP IP address>/c1570-rcvk9w8-tar.153-3.JPP.tar flash:
  5. Once the upload is finished, reboot the AP.

When the AP reboots, it will boot a recovery IOS-XE version on 17.11.1. The AP will then join the controller and download the correct firmware.

What I did: first removed the NTP server from the WLC, then manually set the time to Nov 2022, then I applied the below commands in the WLC:

config ap cert-expiry-ignore mic enable

config ap cert-expiry-ignore ssc enable

Then you probably have not read ALL the field notices below!

Nov 2022 will *only* help you with the Dec 2022 image cert bug (CSCwd80290) not the MIC certificate expiry.  For that you need the commands above and WLC date set to before the AP and/or WLC MICs expired.  Read the field notice (FN-63942) carefully - twice if need be - then follow the instructions, in the right order, carefully.
The problem with that one is the cert-expiry-ignore config will not be applied to the AP until after it has been able to join the WLC and complete download if required.

If that doesn't resolve your issue then you'll have to get on the AP console somehow to understand the problem better.  Sometimes a packet capture of the CAPWAP (UDP 5246) between AP and WLC might show you what's happening.  Consider staging a replacement AP then swapping the problem one to avoid hassle of trying to troubleshoot at height.  Then fix that one at your desk and use it to replace the next one.

As to upgrade of WLC - well that's why it pays to keep on top of field notices and required configurations and keep your software up to date pro-actively.  For now you have to solve the problem whichever way works best for you in the situation.
