tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io

Question

tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io

SwissOS opened this issue 7 months ago · 1 comments

SwissOS commented 7 months ago

Support guidelines

I've read the support guidelines

I've found a bug and checked that ...

... the documentation does not mention anything about my problem
... there are no open or closed issues that are related to my problem

Description

I just installed diun with the docker-compose method and I (believe) it's up and running, but when I look at the logs I get several errors like this one:

Wed, 22 Nov 2023 15:09:41 CET WRN Cannot get remote manifest error="cannot get image digest from HEAD request: Get \"https://auth.docker.io/token?scope=repository%3Ahkotel%2Fmealie%3Apull&service=registry.docker.io\": tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io" image=docker.io/hkotel/mealie:latest provider=docker

Is this a problem in my setup or inside the diun container?

Thanks for any pointers.

Expected behaviour

No errors in log

Actual behaviour

Some containers are working fine (actually those that are on github), but the docker hub ones are not.

Steps to reproduce

Install diun with docker compose file, and have it check docker hub images

Diun version

4.26.0

Docker info

Client: Docker Engine - Community
 Version:    24.0.7
 Context:    default
 Debug Mode: false
 Plugins:
  compose: Docker Compose (Docker Inc.)
    Version:  v2.21.0
    Path:     /usr/libexec/docker/cli-plugins/docker-compose

Server:
 Containers: 19
  Running: 19
  Paused: 0
  Stopped: 0
 Images: 18
 Server Version: 24.0.7
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Using metacopy: false
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: journald
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: d8f198a4ed8892c764191ef7b3b06d8a2eeb5c7f
 runc version: v1.1.10-0-g18a0cb0
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: builtin
  cgroupns
 Kernel Version: 6.1.0-13-amd64
 Operating System: Debian GNU/Linux 12 (bookworm)
 OSType: linux
 Architecture: x86_64
 CPUs: 4
 Total Memory: 15.4GiB
 Name: dietpi
 ID: 475dd6f5-f44a-45ba-aa6b-08302447f425
 Docker Root Dir: /mnt/dietpi_userdata/docker-data
 Debug Mode: false
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Docker Compose config

No response

Logs

`Wed, 22 Nov 2023 15:09:41 CET WRN Cannot get remote manifest error="cannot get image digest from HEAD request: Get \"https://auth.docker.io/token?scope=repository%3Ahkotel%2Fmealie%3Apull&service=registry.docker.io\": tls: failed to verify certificate: x509: certificate is valid for ip-172-31-34-156.ec2.internal, not auth.docker.io" image=docker.io/hkotel/mealie:latest provider=docker`

Additional info

Am I missing some certificates to validate the TLS?

Answer 1 · 2023-11-24T08:46:53.000Z

Very strange issue, but it got fixed the next day. I can only guess that it was not a problem with DIUN, but an issue with Docker Hub.