Docker Registry x509: certificate has expired or is not yet valid

Hi
I have a problem with the Gitlab registry.
When I try to login to the registry with

docker login git.exempel.com:5005

I get this error message

Error response from daemon: Get https://git.exampel.com:5005/v2/: x509: certificate has expired or is not yet valid

I have tried to update the SSL certificate and changed timezone so the clock is right on the system

registry_external_url 'https://git.exampel.com'
gitlab_rails['registry_enabled'] = true
gitlab_rails['registry_port'] = "5005"
registry['enable'] = true

registry_nginx['enable'] = true
registry_nginx['listen_port'] = 5005
registry_nginx['listen_https'] = true
registry_nginx['ssl_certificate'] = "/etc/gitlab/trusted-certs/fullchain.pem"
registry_nginx['ssl_certificate_key'] = "/etc/gitlab/trusted-certs/privkey.pem"

I have the same problem. Have you maybe found the issue?

Hi
No, I did not find a direct solution; however, the problem just disappeared after a few hours of frustration and a few dozen reboots of the server :sweat_smile:
Hope you manage to find a solution, because I have encountered it a few times without luck in finding out how to fix it.

The same issue just popped up for me. Have you guys found a fix for this in the meantime? I realize this thread is old but I’m just hunting the solution.

Many thanks.

No, sorry, I have not found any real solution to the problem yet :frowning:

I found a solution.

The issue was that I just renewed my certificates with Let’s encrypt and that the certificates were not yet updated for the registry (which runs on a different instance on AWS).

Removing the older certificates for the gitlab-runner and doing a gitlab-ctl reconfigure triggered a copy of the certificates to the other machine.
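The situation described in the post above (a renewed certificate on disk while the registry port still serves the old one) can be checked directly. This is an added example, not part of the original thread; it assumes `openssl` and GNU `date` are installed, and all function names are hypothetical helpers.

```shell
#!/bin/sh
# Added example: compare the certificate served on a registry port with
# the PEM file configured on disk. Assumes openssl and GNU date.

# cert_status PEM [NOW_EPOCH] -> valid | expired | not_yet_valid | unreadable
cert_status() {
  local now=${2:-$(date +%s)} start end
  start=$(openssl x509 -in "$1" -noout -startdate 2>/dev/null | cut -d= -f2)
  end=$(openssl x509 -in "$1" -noout -enddate 2>/dev/null | cut -d= -f2)
  # Empty dates mean openssl could not parse the file.
  [ -n "$start" ] && [ -n "$end" ] || { echo unreadable; return 2; }
  start=$(date -u -d "$start" +%s) && end=$(date -u -d "$end" +%s) || return 2
  if [ "$now" -lt "$start" ]; then echo not_yet_valid
  elif [ "$now" -gt "$end" ]; then echo expired
  else echo valid
  fi
}

# SHA-256 fingerprint of a PEM certificate (empty if unreadable).
cert_fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# fetch_served_cert HOST PORT OUT_PEM: save the leaf cert the port presents.
fetch_served_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -out "$3" 2>/dev/null
}

# compare_certs SERVED_PEM DISK_PEM [NOW_EPOCH]
# sync=stale means the service has not picked up the file on disk.
compare_certs() {
  local a b sync=stale
  a=$(cert_fingerprint "$1"); b=$(cert_fingerprint "$2")
  [ -n "$a" ] && [ "$a" = "$b" ] && sync=in_sync
  echo "served=$(cert_status "$1" "$3") disk=$(cert_status "$2" "$3") sync=$sync"
}

# Usage: sh check.sh HOST PORT CONFIGURED_PEM
if [ "$#" -eq 3 ]; then
  tmp=$(mktemp)
  fetch_served_cert "$1" "$2" "$tmp" && compare_certs "$tmp" "$3"
  rm -f "$tmp"
fi
```

A result of `served=expired disk=valid sync=stale` matches the case in this thread: the renewed file is fine, but the registry endpoint is still presenting the old certificate.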

Today I got the same issue and error message from my GitLab runner, after upgrading the GitLab main version to the newest.

I am running my gitlab with docker, behind an apache. My full gitlab instance is configured to not use certificates in any way, so my apache is handling all ssl related stuff and the certificates are still valid.

The only active part in my config related to Registry is:
registry_external_url 'https://mygit.domain.com:63322'
Everything else is commented out (like defaults).

This worked perfectly, until I made the GitLab upgrade today.

Never mind my problem.
I found out that GitLab generated some Let's Encrypt certificates and used them.
They expire after 90 days, and they indeed expired shortly after I upgraded the GitLab instance yesterday… That’s called bad luck!

I tried to renew the certificates with ‘gitlab-ctl renew-le-certs’, which sadly was not successful and showed multiple errors, which is another issue (which belongs in another thread)!

Now I ended up using my real certificate, which I also use in my apache instance.

Hi! There is a command to renew the cert of your cr registry.

It is important to stop GitLab before running it.

gitlab-ctl stop
certbot certonly --standalone -d cr.*your_domain*
gitlab-ctl start