I’m getting “Alert: There was a server error” messages when attempting to manually update the Security database. It worked yesterday, about 25 hours ago. But not today.
I did a manual “curl -v” from the node, and got the following back:
ubuntu@dtr-replica-0:~$ curl -v https://dss-cve-updates.docker.com:443/ * Trying 126.96.36.199... * Connected to dss-cve-updates.docker.com (188.8.131.52) port 443 (#0) * found 174 certificates in /etc/ssl/certs/ca-certificates.crt * found 696 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256 * server certificate verification OK * server certificate status verification SKIPPED * common name: *.docker.com (matched) * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: CN=*.docker.com * start date: Thu, 11 May 2017 00:00:00 GMT * expire date: Mon, 11 Jun 2018 12:00:00 GMT * issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon * compression: NULL * ALPN, server accepted to use http/1.1 > GET / HTTP/1.1 > Host: dss-cve-updates.docker.com > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 403 Forbidden < Content-Type: text/html < Content-Length: 39 < Connection: keep-alive < Date: Thu, 31 Aug 2017 21:35:36 GMT < Last-Modified: Tue, 03 Jan 2017 19:45:22 GMT < ETag: "39c603972d0723c941a6d42d6b07ad8d" < Accept-Ranges: bytes < Server: AmazonS3 < Age: 60 < X-Cache: Error from cloudfront < Via: 1.1 b20a36f6809f60038027cfc2337597fe.cloudfront.net (CloudFront) < X-Amz-Cf-Id: cXpv7FhmnDJh4BdaB7dpMN9C7UEHBDH2goqxQy5QXdyo5xVci-d7Vw== < 403 Error: Missing key. Test response. * Connection #0 to host dss-cve-updates.docker.com left intact ubuntu@dtr-replica-0:~$
Is this something wrong on my end, or the remote end? It looks like a remote issue. Wondering if anyone else has seen anything like this? (If not, then it’s on my end, but I’m at a loss as to what it’s choking on.)
I can definitely reach the remote node, and even if my curl statement is wrong, the DTR installation should be able to do what it successfully did yesterday.