After updating to Docker v1.7.0 (and also boot2docker), I'm getting the following error when running docker ps:
x509: certificate is valid for 127.0.0.1, 10.0.2.15, not 192.168.59.103
Is this a known issue with this version, and what can I do to fix this?
This is a known issue introduced in version 1.7.0 of boot2docker: https://github.com/boot2docker/boot2docker/issues/824
Update to boot2docker 1.7.1
Updating to boot2docker 1.7.1 fixes this issue, as described here.
Options for boot2docker 1.7.0
It seems to be related to the way the network interfaces are coming up during boot. The following options can be used to fix this.
Option 1
The fix is to run the following sequence, which adds code to wait for all network interfaces to be present:
boot2docker ssh
sudo curl -o /var/lib/boot2docker/profile https://gist.githubusercontent.com/garthk/d5a17007c277aa5c76de/raw/3d09c77aae38b4f2809d504784965f5a16f2de4c/profile
sudo halt
boot2docker up
Source (and more details on the code that is downloaded): https://gist.github.com/garthk/d5a17007c277aa5c76de
This has fixed the issue for me, although I had to stop the boot2docker-vm through the VirtualBox UI to get a clean start.
The Gist adds the following to the .profile file in the boot2docker VM:
wait4eth1() {
CNT=0
until ip a show eth1 | grep -q UP
do
[ $((CNT++)) -gt 60 ] && break || sleep 1
done
sleep 1
}
wait4eth1
This function waits up to 1 minute for the eth1 interface to come up.
Option 2
Another option seems to be to do
boot2docker delete
boot2docker init
boot2docker up
This will destroy the boot2docker VM - you might lose any customizations you have done.
Simply running this command fixes the issue for me. This was suggested by a Docker employee via GitHub.
boot2docker ssh sudo /etc/init.d/docker restart
Unfortunately it needs to be run each time you start boot2docker.
I've found the following "easy" alternative to work. Use a shell alias:
alias docker="docker --tlsverify=false"
Thanks to Mark Duncan.
From the troubleshooting guide:
docker-machine regenerate-certs default
docker-machine restart default
And then you're good to go, just run this as usual
eval $(docker-machine env default)
来源:https://stackoverflow.com/questions/30980474/docker-complains-about-invalid-certificate-after-update-to-v1-7-0