Certificate Signed by Unknown Authority connecting to docker-registry after certificate redeploy
Issue
- I get an "x509: certificate signed by unknown authority" error when trying to log in to my internal image registry, even though it worked before I redeployed my cluster certs and CA:
# docker login -u <USER> -e <EMAIL> -p `oc whoami -t` <SVC_IP>:5000
Error response from daemon: invalid registry endpoint https://<SVC_IP>:5000/v0/: unable to ping registry endpoint https://<SVC_IP>:5000/v0/
v2 ping attempt failed with error: Get https://<SVC_IP>:5000/v2/: x509: certificate signed by unknown authority
v1 ping attempt failed with error: Get https://<SVC_IP>:5000/v1/_ping: x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry <SVC_IP>:5000` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/<SVC_IP>:5000/ca.crt
- I ran the OpenShift Cert redeploy playbook
ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/openshift-cluster/redeploy-certificates.yml --extra-vars "openshift_certificates_redeploy_ca=true"
but now I can't log in to my internal docker registry
Environment
- OpenShift Container Platform 3.X
