I’m attempting to use Grafana Loki as a logging driver. the plugin is installed and working, it attempts a connection and returns:
Mar 30 00:54:32 sarin dockerd[9169]: time="2025-03-30T00:54:32Z" level=info msg="level=error ts=2025-03-30T00:54:32.85691463Z caller=client.go:360 container_id=95f9965fb5195273006156ff0d194c6e85dc86733e63afb0b2b17070636d91a8 component=client host=loki.sarin.lan msg=\"final error sending batch\" status=-1 error=\"Post \\\"https://loki.sarin.lan/loki/api/v1/push\\\": x509: certificate signed by unknown authority\"" plugin=80d59480c3ce07d340ac059d28700f38e9086c2af9c5f39b70aa40218bf5a4bf
using This link I’ve installed and verified the existence of ma CA-cert.
verified it again using curl --verbose
< * SSL certificate verify ok.
as far as I’m aware I’ve properly installed and verified that my server recognizes the cert as valid. and the docker docs here seem to suggest that’s all i should have needed to do.
I would either like docker to recognize the cert as valid, or just ignore the “insecure” cert and proceed with the connection.
Docker does nothing with your cert. The documentation you linked contains multiple suggestions for different use cases. Which one did you do? You need to configure the container, not your host operating system. The CA certs are stored in a CA bundle file, but it could be located in different folders in different distributions, but it is usually at /etc/ssl/certs as the guide you linked first suggests. It is also important that it is up to the command or library to use that bundle or not, so when you use a specific software like Grafana, you need to check its documentation first and its community forum if there is any.
If you don’t want to run the update command (which could also be different in different distributions) as the first page suggests, you can actually copy the original bundle file out from the image, append your CA cert at the end and mount the cert bundle file back when you start the container.
grafana connects to loki with no problem, I believe this to be a docker issue because the error i listed from the previous post is from this command: journalctl -f -u docker.service.
I believe docker is refusing to send log data to grafana Loki because of the unknown authority. ive verified that the cert is properly installed with the two following commands.