docker certificate has expired or is not yet valid

Posted by 张映 on 2020-05-07

Category: Cloud computing

docker-machine ls reported the following error:

Unable to query docker version: Get https://192.168.99.101:2376/v1.15/version: x509: certificate has expired or is not yet valid

Clearly, the certificate has expired.

1. Check the certificate

$ openssl x509 -in ~/.docker/machine/certs/cert.pem -text | grep "Not After"
 Not After : May 6 06:44:00 2020 GMT   // expired on 2020.5.6

zhangying machine$ ll ~/.docker/machine/certs/
total 16
drwx------ 6 zhangying staff 192 5 22 2017 ./
drwxr-xr-x 5 zhangying staff 160 5 22 2017 ../
-rw------- 1 zhangying staff 1675 5 22 2017 ca-key.pem
-rw-r--r-- 1 zhangying staff 1042 5 22 2017 ca.pem
-rw-r--r-- 1 zhangying staff 1082 5 22 2017 cert.pem
-rw------- 1 zhangying staff 1675 5 22 2017 key.pem

2. Regenerate the certificates

zhangying certs$ docker-machine regenerate-certs --client-certs default
Regenerate TLS machine certs? Warning: this is irreversible. (y/n): y
Regenerating TLS certificates
Regenerating local certificates
CA certificate is outdated and needs to be regenerated
Creating CA: /Users/zhangying/.docker/machine/certs/ca.pem
Client certificate is outdated and needs to be regenerated
Creating client certificate: /Users/zhangying/.docker/machine/certs/cert.pem
Waiting for SSH to be available...
Detecting the provisioner...
Unable to verify the Docker daemon is listening: Maximum number of retries (10) exceeded

Older versions of docker-machine do not have --client-certs, so you need to upgrade.

zhangying .docker$ docker-machine regenerate-certs --client-certs defalut
Incorrect Usage.

Usage: docker-machine regenerate-certs [OPTIONS] [arg...]

Regenerate TLS Certificates for a machine

Description:
 Argument(s) are one or more machine names.

Options:

 --force, -f Force rebuild and do not prompt
flag provided but not defined: --client-certs  // not supported by the old version

zhangying certs$ docker-machine -v
docker-machine version 0.8.2, build e18a919  // before the upgrade

zhangying certs$ docker-machine -v
docker-machine version 0.16.1, build cce350d7  // after the upgrade

3. Check the certificate files

zhangying certs$ ll ~/.docker/machine/certs/
total 16
drwx------ 6 zhangying staff 192 5 7 16:06 ./
drwxr-xr-x 5 zhangying staff 160 5 22 2017 ../
-rw------- 1 zhangying staff 1675 5 7 16:06 ca-key.pem
-rw-r--r-- 1 zhangying staff 1042 5 7 16:06 ca.pem
-rw-r--r-- 1 zhangying staff 1082 5 7 16:06 cert.pem
-rw------- 1 zhangying staff 1679 5 7 16:06 key.pem

4. Check that it is running

zhangying certs$ docker-machine start
Starting "default"...
(default) Check network to re-create if needed...
(default) Waiting for an IP...
Machine "default" was started.
Waiting for SSH to be available...
Detecting the provisioner...
Started machines may have new IP addresses. You may need to re-run the `docker-machine env` command.

zhangying certs$ docker-machine env
export DOCKER_TLS_VERIFY="1"
export DOCKER_HOST="tcp://192.168.99.101:2376"
export DOCKER_CERT_PATH="/Users/zhangying/.docker/machine/machines/default"
export DOCKER_MACHINE_NAME="default"
# Run this command to configure your shell:
# eval $(docker-machine env)

zhangying certs$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Running tcp://192.168.99.101:2376 v19.03.1
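
Step 1 inspects only cert.pem, but the regenerate output shows the CA certificate had expired as well. The following script is an added example, not part of the original post: it checks every certificate in a directory with `openssl x509 -checkend` and flags those that are expired or close to expiry. The function names `check_certs` and `make_sample_cert`, the 30-day threshold and the sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). check_certs and
# make_sample_cert are hypothetical helper names.

# check_certs THRESHOLD_DAYS DIR...
# Prints one status line per certificate in each DIR and returns 1 if any
# certificate is already expired or expires within THRESHOLD_DAYS.
check_certs() {
    threshold_days=$1; shift
    rc=0
    for dir in "$@"; do
        for pem in "$dir"/*.pem; do
            # key.pem / ca-key.pem are private keys, not certificates: skip them.
            end=$(openssl x509 -in "$pem" -noout -enddate 2>/dev/null) || continue
            if ! openssl x509 -in "$pem" -noout -checkend 0 >/dev/null; then
                echo "EXPIRED  $pem ($end)"; rc=1
            elif ! openssl x509 -in "$pem" -noout \
                    -checkend $((threshold_days * 86400)) >/dev/null; then
                echo "EXPIRING $pem ($end)"; rc=1
            else
                echo "OK       $pem ($end)"
            fi
        done
    done
    return $rc
}

# make_sample_cert DIR DAYS
# Writes a constructed self-signed cert.pem/key.pem pair valid for DAYS days.
make_sample_cert() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=constructed-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# Demo on constructed input: a certificate with 10 days left.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" 10
check_certs 30 "$demo_dir" || echo "renew before the client breaks"
check_certs 5 "$demo_dir"
rm -rf "$demo_dir"

# Real use, with the paths shown in the post:
# check_certs 30 ~/.docker/machine/certs ~/.docker/machine/machines/default
```

The non-zero exit status makes the function usable from cron or a CI job, so the renewal in step 2 can be scheduled before `docker-machine ls` starts failing.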


Please credit the source when reposting
Author: 海底苍鹰
URL: http://blog.51yip.com/cloud/2407.html