kubernetes / registry.k8s.io

This project is the repo for registry.k8s.io, the production OCI registry service for Kubernetes' container image artifacts
https://registry.k8s.io
Apache License 2.0
397 stars, 69 forks

Unable to download docker images from registry.k8s.io due to x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com #265

Closed yagyeshp closed 11 months ago

yagyeshp commented 11 months ago


What did you expect to happen?

The image should have been downloaded, but the pull is stuck with the error below.

docker pull registry.k8s.io/kube-scheduler:v1.26.9
v1.26.9: Pulling from kube-scheduler
a7ca0d9ba68f: Already exists
fe5ca62666f0: Already exists
b02a7525f878: Already exists
fcb6f6d2c998: Already exists
e8c73c638ae9: Already exists
1e3d9b7d1452: Already exists
4aa0ea1413d3: Already exists
7c881f9ab25e: Already exists
5627a970d25e: Already exists
167eb620404e: Already exists
23d25d10ce41: Retrying in 1 second
error pulling image configuration: download failed after attempts=6: tls: failed to verify certificate: x509: certificate is not valid for any names, but wanted to match prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com

Debugging Information

dig registry.k8s.io working

TL;DR

;; ANSWER SECTION: registry.k8s.io. 764 IN A 34.96.108.209

curl -v https://registry.k8s.io/v2/ working

TL;DR

> GET /v2/ HTTP/2
> Host: registry.k8s.io
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
< docker-distribution-api-version: registry/2.0
< x-cloud-trace-context: 529ad23c3077eb99aaddb7b7a87f384e
< date: Tue, 10 Oct 2023 04:38:49 GMT
< content-type: text/html
< server: Google Frontend
< content-length: 0
< via: 1.1 google, 1.1 google
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
<
* Connection #0 to host registry.k8s.io left intact

Anything else?

When checking the SSL certificate of prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com manually, it gives the following errors:
- verify error:num=20:unable to get local issuer certificate
- verify error:num=21:unable to verify the first certificate

openssl s_client -showcerts -connect prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com:443 </dev/null

CONNECTED(00000003)
depth=0 CN = untangle
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = untangle
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN = untangle
verify return:1

Certificate chain
 0 s:CN = untangle
   i:C = US, ST = California, L = Sunnyvale, O = Untangle, OU = Security, CN = www.untangle.com
   a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA1
   v:NotBefore: Jan  2 03:04:05 2010 GMT; NotAfter: Jan  2 03:04:05 2038 GMT
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIIFAJXJkkAAAAwDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTER
MA8GA1UEChMIVW50YW5nbGUxETAPBgNVBAsTCFNlY3VyaXR5MRkwFwYDVQQDExB3
d3cudW50YW5nbGUuY29tMB4XDTEwMDEwMjAzMDQwNVoXDTM4MDEwMjAzMDQwNVow
EzERMA8GA1UEAxMIdW50YW5nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCue1N+lqJX2p1/tSOhMwFZsFxmVuOFqb4RiCYG+n6VUsERL7A2zt3uzom+
KgmcACMnDnmAhZsfTpLEZzBWT5o1uqfiAWj4TBXbo1EU0vaHn9jwp5kC+sNkzVmJ
1M7pJ/B9dL2jcpY17OEKm72a4hZPlo6q+FnjR2o8XWjeSbeNDC5lo22lA14KwjeK
UufScnIyQmEAC+tq4QvpXwt6lWyFPHqARWv0tlkoRrtAtXQB7/Yg92j5B1FG2mUl
Zq3/HqlEBb3o7hPjIzXK6HZcX5IOFdFS5nMPkHbkI9PMr8fp4EEjZGnZ84f78HL5
d8ONqT3ZMDjbHBNcsNfyNHfwI2OzAgMBAAGjfDB6MAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHlVudGFuZ2xlIENlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4E
FgQUffPtvUkw2RgzJmRzufEYZZHq/hwwHwYDVR0jBBgwFoAUo3aMax6f0Bs2Vy2M
CaXqmORZQ4kwDQYJKoZIhvcNAQEFBQADggEBAKqn9Q+T3N2G4NaehiGZ3WVroskf
bIUadeZsKOYv0HryIfCrtZRqz1W3Wi3z4y4s8gXDWZ5s/XayldkYhEMtBxHUfMUr
zetYP19c1GgPjrxUXZHoWzjOPFQnkZvIWx53UzbJicjgE5CYlwbemVS7F2SrPyof
jc7xMgflFZhQkELeWngSQIlKg3iChVFfkF0FIOVm7upuUHhGN4xqacNjFXPqQSav
ccjM42EJ4k4HX+HpKenZ96Y3rsE3FMl6teJ6MgbXXrH+v3oMK8qoS4JYAqiRrbpQ
HbxBHSnPZUeVIPjgQlUh3Dzzmy649M9rLUWnhFlAdgFJmrtPtsh0tduM3dY=
-----END CERTIFICATE-----

Server certificate
subject=CN = untangle
issuer=C = US, ST = California, L = Sunnyvale, O = Untangle, OU = Security, CN = www.untangle.com

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits

SSL handshake has read 1440 bytes and written 455 bytes
Verification error: unable to verify the first certificate

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)

DONE

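The openssl output in the report already contains the diagnosis: the certificate presented for the S3 endpoint has subject CN=untangle, carries no Subject Alternative Names, and is issued by the Untangle CA rather than by a public CA, so Go's verifier (the one inside docker and containerd) cannot match it to the requested host. The program below is an added example, not code from the issue or from the registry.k8s.io project. It parses the certificate pasted in the openssl output above, runs the same two checks a Go TLS client runs (hostname match, then chain to a trusted root), and reports the results; the empty root pool is a constructed stand-in for a trust store that does not contain the Untangle CA, and FetchPresentedLeaf is an assumed helper that plays the role of openssl s_client -showcerts for a live host.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net"
)

// Leaf certificate exactly as pasted in the issue's openssl s_client output:
// CN=untangle, issued by the Untangle CA, no Subject Alternative Names.
const issueLeafPEM = `-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIIFAJXJkkAAAAwDQYJKoZIhvcNAQEFBQAwdzELMAkGA1UE
BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcTCVN1bm55dmFsZTER
MA8GA1UEChMIVW50YW5nbGUxETAPBgNVBAsTCFNlY3VyaXR5MRkwFwYDVQQDExB3
d3cudW50YW5nbGUuY29tMB4XDTEwMDEwMjAzMDQwNVoXDTM4MDEwMjAzMDQwNVow
EzERMA8GA1UEAxMIdW50YW5nbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCue1N+lqJX2p1/tSOhMwFZsFxmVuOFqb4RiCYG+n6VUsERL7A2zt3uzom+
KgmcACMnDnmAhZsfTpLEZzBWT5o1uqfiAWj4TBXbo1EU0vaHn9jwp5kC+sNkzVmJ
1M7pJ/B9dL2jcpY17OEKm72a4hZPlo6q+FnjR2o8XWjeSbeNDC5lo22lA14KwjeK
UufScnIyQmEAC+tq4QvpXwt6lWyFPHqARWv0tlkoRrtAtXQB7/Yg92j5B1FG2mUl
Zq3/HqlEBb3o7hPjIzXK6HZcX5IOFdFS5nMPkHbkI9PMr8fp4EEjZGnZ84f78HL5
d8ONqT3ZMDjbHBNcsNfyNHfwI2OzAgMBAAGjfDB6MAkGA1UdEwQCMAAwLQYJYIZI
AYb4QgENBCAWHlVudGFuZ2xlIENlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4E
FgQUffPtvUkw2RgzJmRzufEYZZHq/hwwHwYDVR0jBBgwFoAUo3aMax6f0Bs2Vy2M
CaXqmORZQ4kwDQYJKoZIhvcNAQEFBQADggEBAKqn9Q+T3N2G4NaehiGZ3WVroskf
bIUadeZsKOYv0HryIfCrtZRqz1W3Wi3z4y4s8gXDWZ5s/XayldkYhEMtBxHUfMUr
zetYP19c1GgPjrxUXZHoWzjOPFQnkZvIWx53UzbJicjgE5CYlwbemVS7F2SrPyof
jc7xMgflFZhQkELeWngSQIlKg3iChVFfkF0FIOVm7upuUHhGN4xqacNjFXPqQSav
ccjM42EJ4k4HX+HpKenZ96Y3rsE3FMl6teJ6MgbXXrH+v3oMK8qoS4JYAqiRrbpQ
HbxBHSnPZUeVIPjgQlUh3Dzzmy649M9rLUWnhFlAdgFJmrtPtsh0tduM3dY=
-----END CERTIFICATE-----`

// The origin docker was redirected to, taken from the error message in the issue.
const s3Host = "prod-registry-k8s-io-ap-south-1.s3.dualstack.ap-south-1.amazonaws.com"

// LeafReport is what a defender wants from a failed pull: who issued the presented
// certificate, which names it covers, and why the Go verifier rejects it.
type LeafReport struct {
	SubjectCN   string
	IssuerCN    string
	IssuerOrg   string
	DNSNames    []string
	HostnameErr string // VerifyHostname result; empty means the name matched
	ChainErr    string // chain verification against roots; empty means trusted
}

// InspectLeaf parses one PEM certificate and runs the two checks a TLS client
// runs: does the certificate name the host, and does it chain to a trusted root.
func InspectLeaf(pemData []byte, host string, roots *x509.CertPool) (LeafReport, error) {
	block, _ := pem.Decode(pemData)
	if block == nil || block.Type != "CERTIFICATE" {
		return LeafReport{}, errors.New("no CERTIFICATE block in input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return LeafReport{}, fmt.Errorf("parse certificate: %w", err)
	}
	r := LeafReport{SubjectCN: cert.Subject.CommonName, IssuerCN: cert.Issuer.CommonName, DNSNames: cert.DNSNames}
	if len(cert.Issuer.Organization) > 0 {
		r.IssuerOrg = cert.Issuer.Organization[0]
	}
	// Name check: a certificate with no SANs matches no name at all, which is
	// exactly the "not valid for any names" error docker printed.
	if err := cert.VerifyHostname(host); err != nil {
		r.HostnameErr = err.Error()
	}
	// Trust check, run without DNSName so it reports the chain problem on its own.
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		r.ChainErr = err.Error()
	}
	return r, nil
}

// FetchPresentedLeaf (assumed helper) is the programmatic equivalent of
// `openssl s_client -showcerts`: it returns the leaf certificate presented on
// host:443 so InspectLeaf can judge it. Verification is skipped only to capture
// the certificate; nothing is downloaded over this connection.
func FetchPresentedLeaf(host string) ([]byte, error) {
	conn, err := tls.Dial("tcp", net.JoinHostPort(host, "443"),
		&tls.Config{ServerName: host, InsecureSkipVerify: true}) // diagnostic capture only
	if err != nil {
		return nil, err
	}
	defer conn.Close()
	certs := conn.ConnectionState().PeerCertificates
	if len(certs) == 0 {
		return nil, errors.New("peer presented no certificate")
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certs[0].Raw}), nil
}

func main() {
	// Offline run over the certificate from the issue; the empty pool stands in
	// for a trust store that does not contain the Untangle CA.
	r, err := InspectLeaf([]byte(issueLeafPEM), s3Host, x509.NewCertPool())
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("subject CN : %s\nissuer     : %s (%s)\nSANs       : %v\n", r.SubjectCN, r.IssuerCN, r.IssuerOrg, r.DNSNames)
	fmt.Println("name check :", r.HostnameErr)
	fmt.Println("chain check:", r.ChainErr)
}
```

Run against the certificate from the report, the name check reproduces the docker message verbatim and the chain check fails with an unknown-authority error. Both point at the same thing: the client is not talking to Amazon's endpoint but to something on the path that presents its own Untangle-issued certificate, so the place to look is the network between the node and S3 (a TLS-inspecting firewall or proxy), not registry.k8s.io. Seeing the same issuer on unrelated hosts is the quick way to confirm that.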

yagyeshp commented 11 months ago

Duplicate issue created by mistake.