Failed to authorize - gitea when pushing an image - failed to verify certificate #451

Open
eliassal opened this issue Nov 18, 2024 · 8 comments
Labels
bug Something isn't working

Comments

@eliassal

What is your environment, configuration, and command?

docker push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04
Ubuntu 24.04

What did you do and What did you see instead?

I created a new repo at gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu

Additional Information. Logs.

docker push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04
The push refers to repository [gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu]
ff65ddf9395b: Unavailable
failed to authorize: failed to fetch oauth token: Post "https://gitea.cnoe.localtest.me:8443/v2/token": tls: failed to verify certificate: x509: certificate signed by unknown authority

@eliassal eliassal added the bug Something isn't working label Nov 18, 2024
@cmoulliard
Contributor

I did a test on my machine using a fresh instance of idpbuilder created using version 0.8.1 and cannot reproduce your issue

❯ docker pull ubuntu:24.04
24.04: Pulling from library/ubuntu
Digest: sha256:278628f08d4979fb9af9ead44277dbc9c92c2465922310916ad0c46ec9999295
Status: Image is up to date for ubuntu:24.04
docker.io/library/ubuntu:24.04

❯ docker login gitea.cnoe.localtest.me:9443
Username: giteaAdmin
Password:
Login Succeeded

❯ docker tag ubuntu:24.04 gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu

❯ docker push gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu
Using default tag: latest
The push refers to repository [gitea.cnoe.localtest.me:9443/giteaadmin/ubuntu]
2d6b6e63aa2f: Pushed
latest: digest: sha256:8c0cd79cc31c13c52d7c149b67705cf908c7640578f769e34dcbf3d822180442 size: 529

See screenshot
Screenshot 2024-11-18 at 13 20 11

@eliassal
Author

So what should I do now, or how do I debug why it is happening in my environment?

@cmoulliard
Contributor

Disable the TLS verification or add the gitea TLS certificate to docker: https://docs.docker.com/reference/cli/dockerd/

@eliassal
Author

@cmoulliard, disable TLS, where in idpbuilder?
gitea TLS cert, where can I find it?
Thanks in advance

@cmoulliard
Contributor

> disable TLS, where in idpbuilder?

No, using docker, as it is your docker CLI which is complaining

@cmoulliard
Contributor

> gitea TLS cert, where can I find it?

You can get it easily using your browser or the secret:

❯ k get secret/idpbuilder-cert -n ingress-nginx -oyaml
apiVersion: v1
data:
  tls.crt: <base64-encoded certificate omitted>
...
kind: Secret
metadata:
  creationTimestamp: "2024-11-18T12:05:20Z"
  name: idpbuilder-cert
  namespace: ingress-nginx
  resourceVersion: "295"
  uid: 3a92b75e-b113-44f6-9047-2984085e8145
type: kubernetes.io/tls

@eliassal
Author

Hi @cmoulliard I tried the following on the command line
export DOCKER_TLS_VERIFY=
then issued the push command, it did not work as well.
I did get the certificates and saved them to tsl.crt and tls.key. Where should I put them? I googled a little bit and found a lot of contradictory information; one source indicates that certificates should go to the /etc/docker/cert.d folder. I checked the file system, and there is no such folder. Also, should those certificates be named gitea.cnoe.localtest.me.crt and gitea.cnoe.localtest.me.key?

Thanks for your help

@cmoulliard
Contributor

> export DOCKER_TLS_VERIFY=
> then issued the push command, it did not work as well.

You can define (please see the docker CLI documentation - https://docs.docker.com/reference/cli/docker/#options) the path to a local cert file as well as the parameter to enable/disable TLS verification

I also suggest that you move to podman, which works better than docker today ;-)

podman push gitea.cnoe.localtest.me:8443/giteaadmin/ubuntu:24.04 --tls-verify=false
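
The "add the gitea TLS certificate to docker" option from this thread, as an added example that is not part of the original comments or of idpbuilder: it decodes `tls.crt` from the `idpbuilder-cert` secret and installs it as a per-registry CA so that verification stays on. Assumptions: Docker Engine on Linux, which reads per-registry CAs from `/etc/docker/certs.d/<host:port>/ca.crt`; the certificate in the secret is the self-signed one the ingress presents; the function names and the `--install` flag are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: trust the idpbuilder ingress certificate for one registry
# instead of disabling TLS verification. Function names are hypothetical.
# Assumption: Docker Engine on Linux reads per-registry CA certificates
# from /etc/docker/certs.d/<host:port>/ca.crt.

CERTS_ROOT="${CERTS_ROOT:-/etc/docker/certs.d}"

# Directory Docker consults for a given registry (host:port).
registry_cert_dir() {
  printf '%s/%s\n' "$CERTS_ROOT" "$1"
}

# Read the base64 value of data."tls.crt" on stdin, decode it, and refuse
# anything that is not a PEM certificate (for example a private key).
decode_pem_cert() {
  local pem
  pem="$(base64 -d)" || return 1
  case "$pem" in
    "-----BEGIN CERTIFICATE-----"*) printf '%s\n' "$pem" ;;
    *) echo "decoded data is not a PEM certificate" >&2; return 1 ;;
  esac
}

# Install the decoded certificate as ca.crt for the registry. Only the
# public certificate is written; tls.key is not needed on the client.
install_registry_ca() {
  local registry="$1" dir pem
  dir="$(registry_cert_dir "$registry")"
  pem="$(decode_pem_cert)" || return 1
  mkdir -p "$dir" && printf '%s\n' "$pem" > "$dir/ca.crt" && chmod 644 "$dir/ca.crt"
}

# Usage (as root, so that /etc/docker/certs.d is writable):
#   ./trust-registry.sh --install gitea.cnoe.localtest.me:8443
if [ "${1:-}" = "--install" ] && [ -n "${2:-}" ]; then
  kubectl get secret idpbuilder-cert -n ingress-nginx \
    -o jsonpath='{.data.tls\.crt}' | install_registry_ca "$2"
fi
```

`DOCKER_TLS_VERIFY` governs the connection between the docker CLI and the Docker daemon, not the daemon's connection to a registry, so it has no bearing on this x509 error.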
