After the certificate was reissued on this EC2 server, https://registry-1.docker.io/v2/ could no longer be reached.

 

1. Connection test $ curl -vvI https://registry-1.docker.io/v2/

$ curl -vvI https://registry-1.docker.io/v2/
* Host registry-1.docker.io:443 was resolved.
* IPv6: (none)
* IPv4: 127.0.0.1
*   Trying 127.0.0.1:443...
* Connected to registry-1.docker.io (127.0.0.1) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
* ALPN: server accepted http/1.1
* Server certificate:
*  subject: CN=ums.uniwear.kr
*  start date: Jun  2 23:25:33 2024 GMT
*  expire date: Aug 31 23:25:32 2024 GMT
*  subjectAltName does not match registry-1.docker.io
* SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io'
* Closing connection
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'registry-1.docker.io'
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and

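The IP address has changed to the local address (127.0.0.1), so the certificate returned (CN=ums.uniwear.kr) is the one served by this host, not the registry's.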

2. Check the registered hosts $ sudo nano /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost6 localhost6.localdomain6
127.0.0.1 registry-1.docker.io

Remove the line 127.0.0.1 registry-1.docker.io and save.

3. Check the DNS configuration

$ cat /etc/resolv.conf

4. Check DNS resolution

$ nslookup registry-1.docker.io

5. Clear the DNS cache

$ sudo systemctl restart systemd-resolved

6. Reconnection test $ curl -vvI https://registry-1.docker.io/v2/

$ curl -vvI https://registry-1.docker.io/v2/
* Host registry-1.docker.io:443 was resolved.
* IPv6: 2600:1f18:2148:bc02:445d:9ace:d20b:c303, 2600:1f18:2148:bc01:571f:e759:a87a:2961, 2600:1f18:2148:bc00:8d61:9b62:40aa:8bb8
* IPv4: 54.227.20.253, 54.236.113.205, 54.198.86.24
*   Trying 54.227.20.253:443...
* Connected to registry-1.docker.io (54.227.20.253) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/pki/tls/certs/ca-bundle.crt
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / X25519 / RSASSA-PSS
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
*  subject: CN=*.docker.com
*  start date: Apr  4 00:00:00 2024 GMT
*  expire date: May  3 23:59:59 2025 GMT
*  subjectAltName: host "registry-1.docker.io" matched cert's "*.docker.io"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M03
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/1.x
> HEAD /v2/ HTTP/1.1
> Host: registry-1.docker.io
> User-Agent: curl/8.5.0
> Accept: */*
>
< HTTP/1.1 401 Unauthorized
HTTP/1.1 401 Unauthorized
< content-type: application/json
content-type: application/json
< docker-distribution-api-version: registry/2.0
docker-distribution-api-version: registry/2.0
< www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"
www-authenticate: Bearer realm="https://auth.docker.io/token",service="registry.docker.io"
< date: Tue, 04 Jun 2024 03:14:04 GMT
date: Tue, 04 Jun 2024 03:14:04 GMT
< content-length: 87
content-length: 87
< strict-transport-security: max-age=31536000
strict-transport-security: max-age=31536000

<
* Connection #0 to host registry-1.docker.io left intact

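Confirmed working: the hostname resolves to public addresses again and the certificate verifies. The 401 Unauthorized is the registry's normal answer to an unauthenticated request to /v2/.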

7. Restart Docker

$ sudo systemctl restart docker
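
The check from step 2, as an added example that is not part of the original post: a shell function that lists every hosts-file entry pinning a given hostname, so a leftover override like the one above is caught before it surfaces as a certificate name mismatch. The function names hosts_overrides and hosts_clean and the sample file are constructed for this illustration.

```shell
#!/bin/sh
# hosts_overrides FILE HOSTNAME...
# Prints "line<TAB>address<TAB>hostname" for each entry in FILE that maps
# one of the given hostnames. Comments are ignored, every alias on a line
# is checked, and matching is case-insensitive.
hosts_overrides() {
    _hosts_file=$1; shift
    awk -v names="$*" '
        BEGIN {
            n = split(tolower(names), want, " ")
            for (i = 1; i <= n; i++) wanted[want[i]] = 1
        }
        {
            sub(/#.*/, "")          # strip trailing or whole-line comments
            if (NF < 2) next        # blank line or address with no name
            for (i = 2; i <= NF; i++) {
                h = tolower($i)
                if (h in wanted) printf "%d\t%s\t%s\n", NR, $1, h
            }
        }
    ' "$_hosts_file"
}

# hosts_clean FILE HOSTNAME...
# Exit status 0 when none of the hostnames is pinned in FILE, 1 otherwise.
hosts_clean() {
    [ -z "$(hosts_overrides "$@")" ]
}

# Constructed sample mirroring the /etc/hosts shown in step 2.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost6 localhost6.localdomain6
127.0.0.1 registry-1.docker.io
# 127.0.0.1 auth.docker.io   (commented out, must be ignored)
EOF

# Reports line 3 of the sample; on a real host pass /etc/hosts instead.
hosts_overrides "$sample" registry-1.docker.io auth.docker.io
```

Run against /etc/hosts with the registry and token hostnames from the curl output (registry-1.docker.io, auth.docker.io); any line it prints is a local override that bypasses DNS.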

 

 

 

Done!