Balena deploy -> Error: Get https://registry.iot.domain.edu/v2/: x509: certificate signed by unknown authority

summary
#1

I am trying to test out my environment, but have run into this issue. I cam across this post Balena deploy Progress Error and have also tried putting our certificate on haproxy container, but that did not result in any change. I tried rebuilding haproxy container (placing a copy command in Dockerfile). I also just tried copying the pem to the container.

docker cp domain.edu.pem openbalena_haproxy_1_62aa8dc129eb:/etc/ssl/private/open-balena.pem

then restarting the containers. I just keep getting the error below when I try to deploy thetest app.

 balena deploy Snake --logs --source . --emulated
[Debug]   Parsing input...
[Debug]   Loading project...
[Debug]   Resolving project...
[Debug]   Failed to resolve project:
[Debug]   AggregateError of:
[Debug]       Error: ENOENT: no such file or directory, open '/root/open-balena/projects/sense-snake/docker-compose.yml'
[Debug]       Error: ENOENT: no such file or directory, open '/root/open-balena/projects/sense-snake/docker-compose.yaml'
[Info]    Creating default composition with source: /root/open-balena/projects/sense-snake
[Debug]   Creating project...
[Info]    Everything is up to date (use --build to force a rebuild)
[Info]    Creating release...
[Debug]   Tagging images...
[Debug]   Authorizing push...
[Info]    Pushing images to registry...
Retrying "registry.iot.domain.edu/v2/3178f570ccf5bf48ed0151f2880d493a:latest" after 2.00s (1 of 3) due to: Error: Get https://registry.iot.domain.edu/v2/: x509: certificate signed by unknown authority
Retrying "registry.iot.domain.edu/v2/3178f570ccf5bf48ed0151f2880d493a:latest" after 2.80s (2 of 3) due to: Error: Get https://registry.iot.domain.edu/v2/: x509: certificate signed by unknown authority
Retrying "registry.iot.domain.edu/v2/3178f570ccf5bf48ed0151f2880d493a:latest" after 3.92s (3 of 3) due to: Error: Get https://registry.iot.domain.edu/v2/: x509: certificate signed by unknown authority
[Debug]   Saving image registry.iot.domain.edu/v2/3178f570ccf5bf48ed0151f2880d493a
[Debug]   Untagging images...
[Info]    Saving release...
[Error]   Deploy failed
Error: Get https://registry.iot.domain.edu/v2/: x509: certificate signed by unknown authority
    at Stream.<anonymous> (/usr/lib/node_modules/balena-cli/node_modules/docker-progress/index.js:53:19)
    at Stream.emit (events.js:193:13)
    at Stream.EventEmitter.emit (domain.js:481:20)
    at drain (/usr/lib/node_modules/balena-cli/node_modules/through/index.js:36:16)
    at Stream.stream.queue.stream.push (/usr/lib/node_modules/balena-cli/node_modules/through/index.js:45:5)
    at Parser.parser.onToken (/usr/lib/node_modules/balena-cli/node_modules/JSONStream/index.js:132:18)
    at Parser.proto.write (/usr/lib/node_modules/balena-cli/node_modules/jsonparse/jsonparse.js:135:34)
    at Stream.<anonymous> (/usr/lib/node_modules/balena-cli/node_modules/JSONStream/index.js:23:12)
    at Stream.stream.write (/usr/lib/node_modules/balena-cli/node_modules/through/index.js:26:11)
    at IncomingMessage.ondata (_stream_readable.js:705:22)
    at IncomingMessage.emit (events.js:193:13)
    at IncomingMessage.EventEmitter.emit (domain.js:481:20)
    at addChunk (_stream_readable.js:295:12)
    at readableAddChunk (_stream_readable.js:276:11)
    at IncomingMessage.Readable.push (_stream_readable.js:231:10)
    at HTTPParser.parserOnBody (_http_common.js:126:22)
    at Socket.socketOnData (_http_client.js:447:22)
    at Socket.emit (events.js:193:13)
    at Socket.EventEmitter.emit (domain.js:481:20)
    at addChunk (_stream_readable.js:295:12)
    at readableAddChunk (_stream_readable.js:276:11)
    at Socket.Readable.push (_stream_readable.js:231:10)
    at Pipe.onStreamRead (internal/stream_base_commons.js:150:17)

If you need help, don't hesitate in contacting our support forums at
https://forums.balena.io

For bug reports or feature requests, have a look at the GitHub issues or
create a new one at: https://github.com/balena-io/balena-cli/issues/
#4

It turns I restarting the containers and rebuilding was not enough. I had to completely restart docker. Although I also rebooted the server for good measure. Working now.

#13

Hey @rpelletier glad to hear this is working for you now., and thanks for following back. I think this was mentioned by Rich in the thread you linked:

[…] you should add your /config/certs/root/ca.cert to your system trusted root certificate store and then restart the Docker service. This will allow your machine to push to the hosted registry within OpenBalena.

But was probably easy to miss :slight_smile:

#15

Indeed, I did miss it the first time, caught it the second time I read it. It always pays to go back and read again. Thanks.