Hi.
I've been having problems attempting to login to a private docker registry hosted in one of my servers. Said server is running the lastest version of the registry v2 container and its using a self signed SSL certificate.
I've used that server for a long time with no problems connecting from other servers running debian 11. I can login from this servers without any problem.
Recently I started using some other servers running debian 12 that have the latest version of the docker.io package from the official repository (20.10.24+dfsg1-1+b3).
The output of "docker version" is:
Anyways, And whenever I attempt to login to my registry from any of these servers running debian 12 I get the following error message:
The registry server certificate has not expired. I don't know where this date "2024-07-07T23:59:59Z" is coming from...
I checked the logs from "journalctl -xu docker.service":There you can see multiple tries, configuring docker to accept the self signed certificate. Configuring client certificates. Without any certificate configuration at all.
And I always get the same error.
I even tried stopping my registry server entirely and get the same error. So the problem is clearly from the client side.
I don't know if this is a bug with the docker.io package from the official repo. Or if there is some new configuration required for Debian 12 that I need to do.
Also if I attempt to login to the official docker registry, it works fine. I just get the error if I pass another url.
Any ideas what could be the problem?
Thanks in advance.
I've been having problems attempting to login to a private docker registry hosted in one of my servers. Said server is running the lastest version of the registry v2 container and its using a self signed SSL certificate.
I've used that server for a long time with no problems connecting from other servers running debian 11. I can login from this servers without any problem.
Recently I started using some other servers running debian 12 that have the latest version of the docker.io package from the official repository (20.10.24+dfsg1-1+b3).
The output of "docker version" is:
Code:
Client: Version: 20.10.24+dfsg1 API version: 1.41 Go version: go1.19.8 Git commit: 297e128 Built: Thu May 18 08:38:34 2023 OS/Arch: linux/amd64 Context: default Experimental: trueServer: Engine: Version: 20.10.24+dfsg1 API version: 1.41 (minimum version 1.12) Go version: go1.19.8 Git commit: 5d6db84 Built: Thu May 18 08:38:34 2023 OS/Arch: linux/amd64 Experimental: false containerd: Version: 1.6.20~ds1 GitCommit: 1.6.20~ds1-1+b1 runc: Version: 1.1.5+ds1 GitCommit: 1.1.5+ds1-1+deb12u1 docker-init: Version: 0.19.0 GitCommit:Anyways, And whenever I attempt to login to my registry from any of these servers running debian 12 I get the following error message:
Code:
Error response from daemon: Get "https://myregistryhostname.com/v2/": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:40:04-03:00 is after 2024-07-07T23:59:59ZI checked the logs from "journalctl -xu docker.service":
Code:
Sep 20 11:14:42 mypchostname dockerd[1643]: time="2024-09-20T11:14:42.292842519-03:00" level=debug msg="Calling HEAD /_ping"Sep 20 11:14:42 mypchostname dockerd[1643]: time="2024-09-20T11:14:42.294857569-03:00" level=debug msg="Calling GET /v1.41/info"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.914240841-03:00" level=debug msg="Calling POST /v1.41/auth"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.914381179-03:00" level=debug msg="form data: {\"password\":\"*****\",\"serveraddress\":\"myregistryhostname.com\",\"username\":\"myregusername\"}"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.916570750-03:00" level=debug msg="hostDir: /etc/docker/certs.d/myregistryhostname.com"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.916730791-03:00" level=debug msg="crt: /etc/docker/certs.d/myregistryhostname.com/ca.crt"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.916842870-03:00" level=debug msg="cert: /etc/docker/certs.d/myregistryhostname.com/client.cert"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.917113685-03:00" level=debug msg="key: /etc/docker/certs.d/myregistryhostname.com/client.key"Sep 20 11:14:43 mypchostname dockerd[1643]: time="2024-09-20T11:14:43.917144825-03:00" level=debug msg="attempting v2 login to registry endpoint https://myregistryhostname.com/v2/"Sep 20 11:14:44 mypchostname dockerd[1643]: time="2024-09-20T11:14:44.142658011-03:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:14:44-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:14:44 mypchostname dockerd[1643]: time="2024-09-20T11:14:44.142785344-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:14:44-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiSep 20 11:14:44 mypchostname dockerd[1643]: time="2024-09-20T11:14:44.142857659-03:00" level=error msg="Handler for POST /v1.41/auth returned error: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:14:44-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:14:44 mypchostname dockerd[1643]: time="2024-09-20T11:14:44.142905847-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:14:44-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiSep 20 11:15:31 mypchostname dockerd[1643]: time="2024-09-20T11:15:31.990754228-03:00" level=debug msg="Calling HEAD /_ping"Sep 20 11:15:31 mypchostname dockerd[1643]: time="2024-09-20T11:15:31.991966986-03:00" level=debug msg="Calling GET /v1.41/info"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.781924063-03:00" level=debug msg="Calling POST /v1.41/auth"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.782146843-03:00" level=debug msg="form data: {\"password\":\"*****\",\"serveraddress\":\"myregistryhostname.com\",\"username\":\"myregusername\"}"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.784386715-03:00" level=debug msg="hostDir: /etc/docker/certs.d/myregistryhostname.com"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.784775856-03:00" level=debug msg="crt: /etc/docker/certs.d/myregistryhostname.com/ca.crt"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.784983063-03:00" level=debug msg="attempting v2 login to registry endpoint https://myregistryhostname.com/v2/"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.789371317-03:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:33-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.789451461-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:33-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiSep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.789484444-03:00" level=error msg="Handler for POST /v1.41/auth returned error: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:33-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:15:33 mypchostname dockerd[1643]: time="2024-09-20T11:15:33.789526638-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:33-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiSep 20 11:15:50 mypchostname dockerd[1643]: time="2024-09-20T11:15:50.965001805-03:00" level=debug msg="Calling HEAD /_ping"Sep 20 11:15:50 mypchostname dockerd[1643]: time="2024-09-20T11:15:50.965600374-03:00" level=debug msg="Calling GET /v1.41/info"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.471505390-03:00" level=debug msg="Calling POST /v1.41/auth"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.471704798-03:00" level=debug msg="form data: {\"password\":\"*****\",\"serveraddress\":\"myregistryhostname.com\",\"username\":\"myregusername\"}"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.474120368-03:00" level=debug msg="hostDir: /etc/docker/certs.d/myregistryhostname.com"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.474179431-03:00" level=debug msg="attempting v2 login to registry endpoint https://myregistryhostname.com/v2/"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.478535095-03:00" level=info msg="Error logging in to endpoint, trying next endpoint" error="Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:52-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.478678097-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:52-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiSep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.478734756-03:00" level=error msg="Handler for POST /v1.41/auth returned error: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:52-03:00 is after 2024-07-07T23:59:59Z"Sep 20 11:15:52 mypchostname dockerd[1643]: time="2024-09-20T11:15:52.478764622-03:00" level=debug msg="FIXME: Got an API for which error does not match any expected type!!!: Get \"https://myregistryhostname.com/v2/\": x509: certificate has expired or is not yet valid: current time 2024-09-20T11:15:52-03:00 is after 2024-07-07T23:59:59Z" error_type=registry.fallbackError module=apiAnd I always get the same error.
I even tried stopping my registry server entirely and get the same error. So the problem is clearly from the client side.
I don't know if this is a bug with the docker.io package from the official repo. Or if there is some new configuration required for Debian 12 that I need to do.
Also if I attempt to login to the official docker registry, it works fine. I just get the error if I pass another url.
Any ideas what could be the problem?
Thanks in advance.
Statistics: Posted by drybulbasaur — 2024-09-20 14:53 — Replies 0 — Views 18