Trying to create a preload image with Open Balena deployed on AWS EC2 from the cli v9.6.0 with:
balena preload /resin.img --app myAppName --commit theCommitId
And getting the following error:
- Resizing partitions and waiting for dockerd to start
- Cleaning up temporary files
(HTTP code 500) server error - Get https://registry.MYDOMAIN.com/v2/: x509: certificate signed by unknown authority
Checking with:
curl -v https://registry.MYDOMAIN.com/v2
returns:
MYIP = the EC2 ip address
MYDOMAIN = my domain
* Trying MYIP...
* TCP_NODELAY set
* Connected to registry.MYDOMAIN.com (MYIP) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.MYDOMAIN.com
* start date: Dec 26 12:25:07 2018 GMT
* expire date: Dec 25 12:25:07 2020 GMT
* subjectAltName: host "registry.MYDOMAIN.com" matched cert's "*.MYDOMAIN.com"
* issuer: CN=ca.MYDOMAIN.com
* SSL certificate verify ok.
> GET /v2 HTTP/1.1
> Host: registry.MYDOMAIN.com
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Docker-Distribution-Api-Version: registry/2.0
< Location: /v2/
< Date: Wed, 26 Dec 2018 19:09:02 GMT
< Content-Length: 39
< Content-Type: text/html; charset=utf-8
<
<a href="/v2/">Moved Permanently</a>.
* Connection #0 to host registry.MYDOMAIN.com left intact
Any ideas?