Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cert issue with cloudflare when pulling images #234

Open
claytontstevenson opened this issue Apr 19, 2024 · 4 comments
Open

Cert issue with cloudflare when pulling images #234

claytontstevenson opened this issue Apr 19, 2024 · 4 comments

Comments

@claytontstevenson
Copy link

A bit of an issue came up with the Vagrant quickstart option here. For background this was working correctly until some recent cloudflare maintenance. I noticed this issue beginning last week.

When running the command to start up the vagrant boxes it starts working correctly until the attempt at pulling images, at which point there is a cert error as seen here:

    server-01: + for image in $curlimage $jqimage "rancher/rancher:${rancher_version}"
    server-01: + docker inspect appropriate/curl
    server-01: + docker pull appropriate/curl
    server-01: Using default tag: latest
    server-01: latest: Pulling from appropriate/curl
    server-01: ff3a5c916c92: Pulling fs layer
    server-01: 3151abf94102: Pulling fs layer
    server-01: 58ae3cb4aac4: Pulling fs layer
    server-01: error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/d3/d37e1f717dc01df3a838955d29a149c569352c0991b1d7cf11b4ebca8c6c7f55/data?verify=1713529598-3jnBGyH9b626%2F1MRY0zJYJAd8Ng%3D: x509: certificate has expired or is not yet valid
    server-01: + sleep 2
    server-01: + docker inspect appropriate/curl

I checked the time on the VM to make sure and it seemed to be correct. Pulling these images on my local machine which is running virtualbox results in no error which is why this appears to be something in the vm.

I'm happy to provide any additional logs or information here
@robertsirc
Copy link

Can you link the quick start guide? I know there are a few out there and I want to make sure it is up-to-date

@claytontstevenson
Copy link
Author

This is the one I was following: https://ranchermanager.docs.rancher.com/getting-started/quick-start-guides/deploy-rancher-manager/vagrant

Which this is more or less the same instructions as in the readme for the repo https://github.com/rancher/quickstart/tree/master/rancher/vagrant

@orsi-dev
Copy link

orsi-dev commented May 8, 2024

i m facing the same issue for days and i've found a workaround for that.
You should set the daemon.json ( /etc/docker/daemon.json on rancherOs ) docker file with a registry mirror like that:

{ "registry-mirrors": ["https://registry.hub.docker.com/"] }

@vonBork
Copy link

vonBork commented May 30, 2024

The certificate of cloudflare is fine. I checked it via openssl.

openssl s_client -connect production.cloudflare.docker.com:443 | openssl x509 -dates -noout
Warning: Reading certificate from stdin since no -in or -new option is given
Connecting to 104.16.98.215
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X2
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E1
verify return:1
depth=0 CN=production.cloudflare.docker.com
verify return:1
notBefore=Apr 10 23:38:51 2024 GMT
notAfter=Jul  9 23:38:50 2024 GMT

I guess the certificates of the base image might got old. It might helps updating the base Image.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@orsi-dev @robertsirc @vonBork @claytontstevenson