Y. Eliash

Reputation: 2088

Docker private registry | TLS certificate issue

I've tried to follow the following tutorial to set up our own private registry (v2) on an AWS CentOS machine.

I've self-signed a TLS certificate and placed it in /etc/docker/certs.d/MACHINE_STATIC_IP:5000/

When trying to log in to the registry (docker login MACHINE_IP:5000) or push a tagged repository (MACHINE_IP:5000/ubuntu:latest) I get the following error:

Error response from daemon: Get https://MACHINE_IP:5000/v1/users/: x509: cannot validate certificate for MACHINE_IP because it doesn't contain any IP SANs

I tried to search for an answer for 2 days; however, I couldn't find any. I've set the certificate CN (common name) to MACHINE_STATIC_IP:5000

Upvotes: 7

Views: 9795

Answers (2)

ksinkar

Reputation: 288

You can also use the following command to temporarily trust the certificate without adding it to your system certificates.

docker --tlscert <the downloaded tls cert> pull <whatever you want to pull>

Upvotes: 1

Y. Eliash

Reputation: 2088

When using a self-signed TLS certificate, the docker daemon requires you to add the certificate to its known certificates.

Use the keytool command to grab the certificate:

keytool -printcert -sslserver ${NEXUS_DOMAIN}:${SSL_PORT} -rfc > ${NEXUS_DOMAIN}.crt

And copy it to your client machine's SSL certificates directory (in my case, Ubuntu):

sudo cp ${NEXUS_DOMAIN}.crt /usr/local/share/ca-certificates/${NEXUS_DOMAIN}.crt && sudo update-ca-certificates

Now reload the docker daemon and you're good to go:

sudo systemctl restart docker

Upvotes: 4
