Ao executar o comando docker, recebo o seguinte erro:
docker run hello-world
Carregando o repositório docker.io/library/hello-world
docker: A rede expirou ao tentar conectar-se ao link . Você pode querer verificar sua conexão com a Internet ou se você está por trás de um proxy ..
Estou recebendo a seguinte saída CURL:
curl -v https://index.docker.io
* Rebuilt URL to: https://index.docker.io/
* Hostname was NOT found in DNS cache
* Trying 54.152.78.181...
* Connected to index.docker.io (54.152.78.181) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to index.docker.io:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to index.docker.io:443
Então, como vou puxar minhas máquinas agora?
Agora, recebo a seguinte mensagem:
Não é possível encontrar a imagem 'hello-world: latest' localmente
o mais atrasado: Puxando da biblioteca / olá-mundo
03f4658f8b78: Download
a3ed95caeb02: Baixando
janela de encaixe: x509: certificado assinado por autoridade desconhecida.
Atualização (chaves ofuscadas):
executando o seguinte comando dá saída:
~$ openssl s_client -connect index.docker.io:443
CONNECTED(00000003)
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
0 s:/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEpDCCA4ygAwIBAgIDAyF3MA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuLQYDVQQLEyZEb21haW4gQ29udHJvbCBW
YWxpZGF0ZWQgLSBSYXBpZFNTTChSKTEUMBIGA1UEAwwLKi5kb2NrZXIuaW8wggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDRyme75dbw9AxWZ8QFCwMWrrYY
SclZ6HCiEbxSNxHgg08rEfEYi46VrL+joBwlA0t5WIIxHF198NzzdXC4YeGzruY9
7osv5lPrcdeIi+Ad+fY6K0rBBOB3xdqSPPObrINZpDmWhCQjlsnM6a1Th0oSUCjI
345b84/8PH363YO+Qmnl8BWnaTcZoPzeywM9czQsMyF2bOH+dhxja/zim6iu8W34
yBhVQeQRd1QROuHcsQAX19DKTn6TXaAwIBY3xM1Bi5Zl6tueII4dOEoibw/ImR3c
H73Pk7j1Wx+rAXeeq7LwjkUCCSlKNrHFEQ2nbr0R7FH6cck1ppgM8ud1pHr9AgMB
AAGjggFOMIIBSjAfBgNVHSMEGDAWgBTDnPP800YINLvORn+gfFvz4gjLWTBXBggr
BgEFBQcBAQRLMEkwHwYIKwYBBQUHMAGGE2h0dHA6Ly9ndi5zeW1jZC5jb20wJgYI
KwYBBQUHMAKGGmh0dHA6Ly9ndi5zeW1jYi5jb20vZ3YuY3J0MA4GA1UdDwEB/wQE
AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwIQYDVR0RBBowGIIL
Ki5kb2NrZXIuaW+CCWRvY2tlci5pbzArBgNVHR8EJDAiMCCgHqAchhpodHRwOi8v
Z3Yuc3ltY2IuY29tL2d2LmNybDAMBgNVHRMBAf8EAjAAMEEGA1UdIAQ6MDgwNgYG
Z4EMAQIBMCwwKgYIKwYBBQUHAgEWHmh0dHBzOi8vd3d3LnJhcGlkc3NsLmNvbS9s
ZWdhbDANBgkqhkiG9w0BAQsFAAOCAQEATYgwOYz/w9Qyh/YPZQDZ0BdwhkX6OCX0
Mz8pP/OO+E+1RM7ZoAGwHvIaidFqh3WeCLHjGO2IId7Ff5EZUwZhiwog0R7Y838x
OCLza/2shuvjM/FPiyXDQ6q0w4rvpwsNjmYVDdYD8bCH3b8IlO2ysjgdhRYprsdU
jg6h+zK11/tXf6S5vegrgV0F62DYx0tuTTZq/HMuXvbgY2uL1sQ5jiHlzQndV9oL
YMYqJP5MkuAKzDL5u0b8mD/EHtoPkfWOIsA5i9YrAAoWRVOJHwfFfgSY+EpXpFc4
AZUPmdZGh6q1YNavRoOL/1D5aP/VBBtofj54uMbKOK8q6vxIXSyzaw==
-----END CERTIFICATE-----
subject=/OU=GT98568428/OU=See www.rapidssl.com/resources/cps (c)15/OU=Domain Control Validated - RapidSSL(R)/CN=*.docker.io
issuer=/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA - G3
---
No client certificate CA names sent
---
SSL handshake has read 2914 bytes and written 421 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID: 111E09F815E121C7EA7E7FD0C07C4AC31FFDE4E13AD9BA926AFF03A2E267130C
Session-ID-ctx:
Master-Key: 78A4ABC11BFCCA245F4B3FE8BDA0C0BC3A10D3E9BB447838B06D8BB16DA1553DBBCBFE03408AF34FB7D0CA5E3E7E8D40
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 57 92 4f 5c a0 41 ab d9-62 2c b1 05 66 b5 bc 79 W.O\.A..b,..f..y
0010 - c8 32 a1 b0 f3 df 3d e7-c8 8d 0b 62 b2 6f 2b 99 .2....=....b.o+.
0020 - 80 e1 60 73 19 67 bd c5-bf 4c 61 26 ca 3c 4d bd ..'s.g...La&.i...
0090 - ea ca 71 3e 9a 64 e8 23-dc f6 77 b4 6a 59 ac cd ..q>.d.#..w.jY..
Start Time: 1456385623
Timeout : 300 (sec)
Verify return code: 20 (unable to get local issuer certificate)
---
Eu tentei seguir os comandos, mas em vão:
sudo update-ca-certificates
sudo serviço docker restart
Também seguindo os resultados do comando:
# update-ca-certificates
Updating certificates in /etc/ssl/certs... unable to load certificate
140587866932896:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
unable to load certificate
140365960205984:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate cacerthaxx.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
4 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
root@Data-Server:~# update-ca-certificates -f
Clearing symlinks in /etc/ssl/certs...done.
Updating certificates in /etc/ssl/certs... unable to load certificate
140706921281184:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
unable to load certificate
139841225197216:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
WARNING: Skipping duplicate certificate cacerthaxx.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
WARNING: Skipping duplicate certificate UbuntuOne-Go_Daddy_Class_2_CA.pem
177 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
relacionado: link