tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io
SwissOS opened this issue · 1 comments
Support guidelines
- I've read the support guidelines
I've found a bug and checked that ...
- ... the documentation does not mention anything about my problem
- ... there are no open or closed issues that are related to my problem
Description
I just installed diun with the docker-compose method and I (believe) it's up and running, but when I look at the logs I get several errors like this one:
Wed, 22 Nov 2023 15:09:41 CET WRN Cannot get remote manifest error="cannot get image digest from HEAD request: Get \"https://auth.docker.io/token?scope=repository%3Ahkotel%2Fmealie%3Apull&service=registry.docker.io\": tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io" image=docker.io/hkotel/mealie:latest provider=docker
Is this a problem in my setup or inside the diun container?
Thanks for any pointers.
Expected behaviour
No errors in log
Actual behaviour
Some containers are working fine (actually those that are on github), but the docker hub ones are not.
Steps to reproduce
Install diun with docker compose file, and have it check docker hub images
Diun version
4.26.0
Docker info
Client: Docker Engine - Community
Version: 24.0.7
Context: default
Debug Mode: false
Plugins:
compose: Docker Compose (Docker Inc.)
Version: v2.21.0
Path: /usr/libexec/docker/cli-plugins/docker-compose
Server:
Containers: 19
Running: 19
Paused: 0
Stopped: 0
Images: 18
Server Version: 24.0.7
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: true
userxattr: false
Logging Driver: journald
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
runc version: v1.1.10-0-g18a0cb0
init version: de40ad0
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.1.0-13-amd64
Operating System: Debian GNU/Linux 12 (bookworm)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.4GiB
Name: dietpi
ID: 475dd6f5-f44a-45ba-aa6b-08302447f425
Docker Root Dir: /mnt/dietpi_userdata/docker-data
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Docker Compose config
No response
Logs
`Wed, 22 Nov 2023 15:09:41 CET WRN Cannot get remote manifest error="cannot get image digest from HEAD request: Get \"https://auth.docker.io/token?scope=repository%3Ahkotel%2Fmealie%3Apull&service=registry.docker.io\": tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io" image=docker.io/hkotel/mealie:latest provider=docker`
Additional info
Am I missing some certificates to validate the TLS?
Very strange issue, but it got fixed the next day. I can only guess that it was not a problem with DIUN, but an issue with Docker Hub.