Unanswered
How to renew certificates on docker service registry?
Symptoms: lauching BOM backend pipeline it breaks with the followin error
https://docker-registry.local:5000/v2/ x509: certificate has expired or is not yet valid
Solution:
- Backup of the old certificate in the following folder
cp domain.crt /docker_data/certs/domain.crt
- Create the new certificate in the folder used by the registry.
Beware that the certificate must have CN=docker-registry.local,
the rest is not important.
cd /etc/docker/certs.d/docker-registry.local:5000/
openssl req -key /docker_data/certs/domain.key -new -x509 -days 730 -out /docker_data/certs/domain.crt
- Registry reboot (check the correct container ID by running
docker ps
command)
sudo docker container stop 843dd9153fdf
sudo docker container start 843dd9153fdf
- Copy the certificate to all docker clients used (with restart).
The certificate is in the /etc/docker/certs.d/docker-registry.local:5000/ folder.cp domain.crt /etc/docker/certs.d/docker-registry.local:5000/
systemctl restart docker
.
Note:
- docker registry is in the 172.31.31.162 machine. All the above steps must be executed there.
- the 4th step must be executed in the 172.31.31.161 too, where GitLab is running
7 Views
0
Answers
one year ago
one year ago
Tags