[lxc-users] error: Get https://images.linuxcontainers.org:8443/1.0/images/ubuntu/xenial/amd64:?==?utf-8?q? x509: certificate is valid for images.linuxcontainers.org
Stéphane Graber
stgraber at ubuntu.com
Thu Jun 8 04:40:35 UTC 2017
On Thu, Jun 08, 2017 at 03:23:14AM +0000, Tomasz Chmielewski wrote:
> I'm not able to launch a container on one of the servers:
>
> # lxc launch images:ubuntu/xenial/amd64 containername
> error: Get https://images.linuxcontainers.org:8443/1.0/images/ubuntu/xenial/amd64: x509: certificate is valid for images.linuxcontainers.org, uk.images.linuxcontainers.org, us.images.linuxcontainers.org, not *.linuxcontainers.org
>
>
> Not sure how to debug this.
>
> This works:
>
> # curl https://images.linuxcontainers.org:8443/1.0/images/ubuntu/xenial/amd64
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html><head>
> <title>301 Moved Permanently</title>
> </head><body>
> <h1>Moved Permanently</h1>
> <p>The document has moved <a href="https://uk.images.linuxcontainers.org:8443/1.0/images/ubuntu/xenial/amd64">here</a>.</p>
> <hr>
> <address>Apache/2.4.7 (Ubuntu) Server at images.linuxcontainers.org Port 8443</address>
> </body></html>
Hi,
So the one thing I can think of which may cause that is if you ran a
very old version of LXD at some point which would cache the certificate
of public servers.
If that's the case, the following should fix things for you:
rm .config/lxc/servercerts/images.crt
That will cause LXD to go back to checking against the system CA which
should work fine as was proven by your curl example.
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170607/4b3abaa4/attachment.sig>
More information about the lxc-users
mailing list