Docker Community Forums

Share and learn in the Docker community.

Docker login got FATA[0010]

(Tracyliu) #1

I installed docker trusted registry (DTR) by following .
For the key/certificate, I didn’t set my own key, just used whatever DTR set by default.
Also I set the Domain name to DTR machine’s ip address. Because I found my docker client has problem to access DTR using domain name, but it can access DTR machine using IP.
I added user admin/password as admin via DTR admin UI->Settings->Auth. I can login admin UI using this account with no problem.

Now I am following on DTR machine.
I pulled jenkins image from docker hub and built, without setting SSL.
When I trying to push image to DTR, I failed to login docker. The commands I used were:

//download DTR server certificate
openssl s_client -connect -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee -a /tmp/tracy/server.pem

//mkdir /etc/docker/certs.d/
//copy the certificate to /etc/docker/certs.d/
cp /tmp/tracy/server.pem /etc/docker/certs.d/

docker login
Username: admin
Password: xxxxxxxx
email: (blank, because I don’t see any place to set email when adding admin user via DTR admin UI’s Settings->Auth)

Then I got this error:
FATA[0004] Error response from daemon: v1 ping attempt failed with error: Get https ://
x509: cannot validate certificate for because it doesn’t contain any IP SANs. If this private re
gistry supports only HTTP or HTTPS with an unknown CA certificate, please add --insecure-registry 16 to the daemon’s arguments. In the case of HTTPS, if you have access to the registry’s CA certificate, no n
eed for the flag; simply place the CA certificate at /etc/docker/certs.d/

I have two questions,

  1. I have put ca.crt to /etc/docker/certs.d/, why can’t docker get it?

  2. I installed DTR which is V2 registry, why it is trying to Get https ://
    In my previous topic, I have reported /v1/_ping not working in DTR and got reply from Jeff. He said that this API was specifically used by V1 registry, and DTR is V2. So I don’t understand how this “…Get https ://…” error happened.


(I inserted three spaces in three links, because the website said I am new user and only allowed me to have 2 links in post)

(Tracyliu) #2

I tried to curl API /v2 on another machine (not the DTR machine), and I got 401 Unauthorized.

I have downloaded DTR server certificate:
openssl s_client -connect -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee -a /tmp/tracy/server.pem

And used this certificate and admin account in the curl request:
curl --cacert /tmp/tracy/server.pem --user admin:password

I got this response:
{“errors”:[{“code”:“UNAUTHORIZED”,“message”:“access to the requested resource is not authorized”,“detail”:null}]}

I am wondering this error is sth. related to the docker login failure too?