We have changed our UCP/DTR certificate in order to connect our CLI to our cluster using TLS.
Actual behavior
We can’t log in to Registry/DTR after changing the UCP/DTR certificate. We’ve changed from the default one to a new one created with Let’s Encrypt. This has been created on a Linux machine using Certbot. After that, we’ve copied those certificates and we’ve uploaded them to UCP.
I can access the registry login page, but I can’t log in. I get this error:
{
  errors: [
    {
      code: "OPENID_ERROR",
      message: "Failed to establish openid authentication",
      detail: "OpenID Connect Error unable to get token see server logs for details"
    }
  ]
}
Steps to reproduce the behavior
Issue a new Let’s Encrypt certificate using Certbot.
Configure it through “UCP --> Admin Settings --> Certificates”.
After that, I’ve checked that UCP has updated its certificate successfully, but I can’t log in to the registry.
You might want to include the new DTR certificate too when reconfiguring… After you have your DTR certificate files (ca/crt/key) in your local directory, run something like this:

    docker run -it --rm docker/dtr reconfigure \
      --dtr-ca "$(cat dtr.test.mydomain.io.ca-bundle)" \
      --dtr-cert "$(cat dtr.test.mydomain.io.crt)" \
      --dtr-external-url https://dtr.test.mydomain.io \
      --dtr-key "$(cat dtr-test-mydomain-io.key)" \
      --ucp-insecure-tls
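
The following is an added example, not part of the thread or of Docker's tooling: a pre-flight check that the three files passed to the reconfigure command above belong together before they are installed. The function names `check_dtr_cert_files` and `url_host` are hypothetical, and the check assumes an unencrypted private key and a local `openssl` binary.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Pre-flight check for the files handed to
# `docker/dtr reconfigure` via --dtr-cert, --dtr-key and --dtr-ca.
# Returns: 0 = consistent, 1 = unreadable input, 2 = key does not match cert,
#          3 = cert does not verify against the bundle for that hostname.
check_dtr_cert_files() {
  local cert="$1" key="$2" ca="$3" host="$4"
  local cert_pub key_pub

  # Extract the public key from each side as PEM; fail closed if either
  # file cannot be parsed (empty output must never count as a match).
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null </dev/null) || return 1
  [ -n "$cert_pub" ] && [ -n "$key_pub" ] || return 1

  # The private key must belong to the certificate.
  [ "$cert_pub" = "$key_pub" ] || return 2

  # The certificate must chain to the bundle, be within its validity period,
  # and name the external hostname. -partial_chain accepts a bundle that
  # holds only intermediates (no self-signed root).
  openssl verify -partial_chain -verify_hostname "$host" \
    -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 3
  return 0
}

# Strip scheme, path and port from a --dtr-external-url value.
url_host() {
  local h="${1#*://}"
  h="${h%%/*}"
  printf '%s\n' "${h%%:*}"
}

# Usage with the file names from the reply above:
#   check_dtr_cert_files dtr.test.mydomain.io.crt dtr-test-mydomain-io.key \
#     dtr.test.mydomain.io.ca-bundle "$(url_host https://dtr.test.mydomain.io)"
```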