How Do You Troubleshoot an Error with a Certificate When You Are Trying to Configure a Docker Registry?

Problem scenario
You get an error saying that a certificate does not match your host/server name. One of the following applies to your situation:

When you use "docker login" you get this message:
"Error response from daemon: x509: certificate is not valid for your server"

OR

When you try to use curl to the Docker registry server you get this error:
curl: (51) SSL: certificate subject name  does not match target host name

You have copied the latest .crt files to the client server where you ran the commands that produced the errors above. How do you stop getting a message that the certificate name is not valid for the server name?

Solution
What did you use for the CN (Common Name) when you created the .crt file? When creating a new SSL certificate, you generally enter the Common Name interactively at a prompt when running an openssl command. Alternatively, you pass the Common Name as part of a longer string in a flag option on the openssl command line. If the name you supplied was a server name other than the FQDN of the Docker registry server, or some username value, then that is likely the problem.

The following prompt generally needs the FQDN of the Docker registry server:

"Common Name (e.g. server FQDN or YOUR name) []"

Recreate the .crt file with openssl commands. Try using the FQDN of the Docker registry server for this "Common Name" field.
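
The recreate-and-verify step above as a script (an added example, not from the original article). It assumes OpenSSL 1.1.1 or later and uses registry.example.internal as a constructed placeholder for your registry's FQDN. It also writes the same name into subjectAltName, which current Go-based clients such as Docker check instead of the Common Name.

```shell
#!/bin/sh
# Added example. registry.example.internal and "someuser" are constructed
# placeholders; substitute the FQDN of your own Docker registry server.

# Create a self-signed key/cert pair with CN and subjectAltName set to <name>.
# Usage: make_cert <name> <out_dir>
make_cert() {
    name=$1; dir=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=$name" \
        -addext "subjectAltName=DNS:$name" \
        -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

# Print the names a client compares against the host it connects to.
# Usage: show_names <cert_file>
show_names() {
    openssl x509 -in "$1" -noout -subject -ext subjectAltName
}

# Return 0 if the certificate is valid for <host>, non-zero otherwise.
# The printed verdict is parsed rather than relying on openssl's exit status.
# Usage: cert_matches_host <cert_file> <host>
cert_matches_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 \
        | grep -q "does match certificate"
}

# Build one correct cert and one with a username as the name, then check both
# against the registry FQDN before copying anything to a client.
demo() {
    tmp=$(mktemp -d)
    make_cert registry.example.internal "$tmp"
    make_cert someuser "$tmp"
    for crt in "$tmp"/*.crt; do
        show_names "$crt"
        if cert_matches_host "$crt" registry.example.internal; then
            echo "OK: $crt is valid for registry.example.internal"
        else
            echo "MISMATCH: $crt must be recreated with the registry FQDN"
        fi
    done
    rm -rf "$tmp"
}

demo
```

Running `show_names` and `cert_matches_host` against the .crt file already on the client shows which name it was issued for before you regenerate anything.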
