1

我已经设置了 Harbor(一个 Docker 私有注册表),并尝试使用 Docker 连接到它。

sudo docker pull registry.mysite.nl/test

但我不断得到:

Using default tag: latest
Error response from daemon: Head https://registry.mysite.nl/v2/test/manifests/latest: Get https://registry.mysite.nl/service/token?scope=repository%3Atest%3Apull&service=harbor-registry: x509: certificate has expired or is not yet valid

但是,如果我使用浏览器访问该站点,一切都会顺利进行。所有客户端,在我的 Mac 上,在该机器上的本地主机上等都会发生。

任何想法?- 我多次重新生成证书等..

编辑:我从letsencrypt获得的证书有:

CLIENT_CERT INTERMEDIDIATE_CERT ROOT_CERT

全部在一个文件中。使用 OpenSSL 检查证书会导致验证错误

➜  certs openssl s_client -CApath /etc/ssl/ -connect registry.mysite.nl:443 
CONNECTED(00000005)
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=1 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
depth=3 O = Digital Signature Trust Co., CN = DST Root CA X3
verify error:num=10:certificate has expired
notAfter=Sep 30 14:01:15 2021 GMT
verify return:0
---
Certificate chain
 0 s:/CN=registry.mysite.nl
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
 2 s:/C=US/O=Internet Security Research Group/CN=ISRG Root X1
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3

当我从此文件(在服务器上)删除 ROOT_CERT 时,错误消失了:

➜  certs openssl s_client -CApath /etc/ssl/ -connect registry.mysite.nl:443 
CONNECTED(00000005)
depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = registry.mysite.nl
verify return:1
---
Certificate chain
 0 s:/CN=registry.mysite.nl
   i:/C=US/O=Let's Encrypt/CN=R3
 1 s:/C=US/O=Let's Encrypt/CN=R3
   i:/C=US/O=Internet Security Research Group/CN=ISRG Root X

但是 Docker(和 podman)一直在抱怨无效的证书。 x509: certificate has expired or is not yet valid: current time 2022-02-17T17:19:53Z is after 2016-01-12T16:41:00Z

4

0 回答 0