Cannot login to Registry/DTR after updating TLS certificate

Expected behavior

We have changed our UCP/DTR certificate in order to connect our CLI to our cluster using TLS.

Actual behavior

We can’t log in to Registry/DTR after changing the UCP/DTR certificate. We’ve changed from the default one to a new one created with Let’s Encrypt. This has been created on a Linux machine using Certbot. After that, we’ve copied those certificates and we’ve uploaded them to UCP.

I can access the registry login page, but I can’t log in. I get this error:
errors: [
message: “Failed to establish openid authentication”,
detail: “OpenID Connect Error unable to get token see server logs for details”

Steps to reproduce the behavior

  1. Issue a new Let’s Encrypt certificate using Certbot.
  2. Configure it through “UCP --> Admin Settings --> Certificates”.
  3. After that, I’ve checked that UCP has updated its certificate successfully, but I can’t log in to the registry.

I’m having the same issue.

I cannot log in to DTR after updating UCP certificates.

Any idea on how to fix this?


Hi Elio,

After updating your UCP certificates, you need to reconfigure the DTR service. Take a look at this:


Hi Aleix,

I’ve just figured out that I need to change the UCP URL on the DTR containers.

I did it with the following command and now it is working again:

docker run -it --rm docker/dtr:2.4.1 reconfigure --ucp-url https://<MY_UCP_URL>

Thank you for your reply.


You might want to include the new DTR certificate too when reconfiguring… After you have your DTR certificate files (ca/crt/key) in your local directory, run something like this:
docker run -it --rm docker/dtr reconfigure --dtr-ca "$(cat <MY_DTR_CA_FILE>)" --dtr-cert "$(cat <MY_DTR_CERT_FILE>)" --dtr-external-url <MY_DTR_EXTERNAL_URL> --dtr-key "$(cat dtr-test-mydomain-io.key)" --ucp-insecure-tls
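
Pre-flight checks for the PEM files before they are passed to reconfigure through --dtr-ca, --dtr-cert and --dtr-key. This is an added example, not part of the thread or of Docker's tooling. It assumes openssl is installed and the private key is unencrypted; the function names are illustrative.

```shell
#!/bin/sh
# Added example: sanity checks for the CA/cert/key files handed to
# `docker/dtr reconfigure`. Function names are hypothetical helpers.

# True when the private key belongs to the certificate (RSA or EC):
# both commands emit the same SubjectPublicKeyInfo PEM when they match.
cert_matches_key() {  # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True when CERT chains to a CA in CA_FILE (or the system trust store).
cert_chains_to() {  # usage: cert_chains_to CA_FILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True when CERT is valid for HOST. `-checkhost` always exits 0,
# so the verdict has to be read from its output line.
cert_covers_host() {  # usage: cert_covers_host CERT HOST
    openssl x509 -in "$1" -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# True when CERT does not expire within the next DAYS days.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Run every check, report each failure, return non-zero if any failed.
preflight() {  # usage: preflight CA_FILE CERT KEY HOST
    rc=0
    cert_matches_key "$2" "$3" || { echo "key does not match certificate" >&2; rc=1; }
    cert_chains_to "$1" "$2"   || { echo "certificate does not chain to CA file" >&2; rc=1; }
    cert_covers_host "$2" "$4" || { echo "certificate does not cover $4" >&2; rc=1; }
    cert_valid_for_days "$2" 7 || { echo "certificate expires within 7 days" >&2; rc=1; }
    return $rc
}
```

--ucp-insecure-tls skips verification of UCP's certificate; reconfigure also accepts --ucp-ca to supply the UCP CA instead.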