Docker Community Forums

Share and learn in the Docker community.

Trouble w cert on 1st ucp login


(Jbottum) #1

On step 6 of UCP install and I can’t login into UCP using safari. I get “the website 102.168.99.103 did not accept the certificate unknown”. I have 2 cert options and neither works. I had some trouble with my install. I was thinking about starting over. Can I erase my current nodes and start again?


(Vivek Saraswat) #2

Hi jbottum,

You certainly have the option of of erasing the nodes and starting again; just use the “–fresh-install” option when using the ucp install command. There should be no issues with that for the license (trial or paid).

In terms of figuring out the cert issue, how are you going about installing your current cert options? Are you following the basic instructions for adding a cert ( https://docs.docker.com/ucp/production-install/#step-5-customize-the-ca-used-optional )? You will have to create a volume called ucp-server-certs with the 3 ca.pem/cert.pem/key.pem files specified, and then use the “–external-ucp-ca” option when using the ucp install command.


(Jbottum) #3

Thanks, I re-ran…see output below…still getting the website" 192.168.99.103" did not accept the certificate “unknown”. Joshs-MacBook-Air:~ jbottum$ docker run --rm -it \

-v /var/run/docker.sock:/var/run/docker.sock
–name ucp docker/ucp install --fresh-install -i
–swarm-port 3376 --host-address $(docker-machine ip node1)
INFO[0000] Verifying your system is compatible with UCP
Please choose your initial Orca admin password:
Confirm your initial password:
INFO[0008] All required images are present
WARN[0008] None of the hostnames we’ll be using in the UCP certificates [node1 127.0.0.1 172.17.0.1 192.168.99.103] contain a domain component. Your generated certs may fail TLS validation unless you only use one of these shortnames or IPs to connect. You can use the --san flag to add more aliases

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0020] Installing UCP with host address 192.168.99.103 - If this is incorrect, please specify an alternative address with the ‘–host-address’ flag
INFO[0000] Removing old UCP containers
INFO[0002] Generating UCP Cluster Root CA
INFO[0024] Generating UCP Client Root CA
INFO[0033] Deploying UCP Containers
INFO[0039] UCP instance ID: PKOG:DLPD:D4UT:WC6D:XM3T:4HQD:NYKI:NP34:TQEG:CJ5J:BQFR:WRZO
INFO[0039] UCP Server SSL: SHA1 Fingerprint=AC:58:D2:C5:89:F4:66:E7:DB:B6:65:18:74:03:18:4D:9F:67:61:D2
INFO[0039] Login as “admin”/(your admin password) to UCP at https://192.168.99.103:443