Invalid certificate when pulling docker images

[f18m]

Hi all,
I'm trying to download a docker image on my TNAS F2-210 and I keep getting this error:

Code: Select all

root@TNAS-FF:/home/f18m# docker pull homeassistant/aarch64-addon-mariadb:2.5.1
2.5.1: Pulling from homeassistant/aarch64-addon-mariadb
b3c136eddcbf: Pulling fs layer
7ccb820019d9: Pulling fs layer
7946c12c8fa4: Pulling fs layer
4d4107c0449d: Waiting
af14849e08a1: Waiting
error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/4d/4d185a795ad623ee7f6b28b79d65b567d98c2449779af6850073b89824f7f679/data?verify=1713735621-T7QVLr%2Fm8EuSV9ttlqGAGMEkxNc%3D: x509: certificate has expired or is not yet valid

Note that I get this error for _any_ docker image that has an aarch64 architecture. So it's not a problem on the dockerhub, rather of my TNAS.
I have followed the procedure to update SSL certificates recently (viewtopic.php?t=4243)... could that be the problem?
Note that right now all certificates seem valid:

Screenshot 2024-04-21 225444.png (16.78 KiB) Viewed 332 times

What can I do?

thanks

[TMzethar]

It should not refer to HTTPS certificates.
Based on existing cases, it is highly likely that the current kernel version or Docker version cannot meet the requirements of the image. The specific reason remains to be verified.
Due to limitations in the ARM architecture, the kernel version and Docker version cannot continue to be updated.

[f18m]

Sorry,
You mean to say that docker has stopped working on TOS4 on ARM architecture for everyone?
Or you're saying that the particular image I'm trying to pull does not work anymore on an ARM NAS?
In genreral docker was working till sometime ago, I remember I used to run Home assistant on top of my Nas using docker...

Please clarify your answer.. thanks

[TMLeeh]

No, this situation only occurs in individual images.

[f18m]

Actually I'm trying to pull docker images that I could pull in the past... they all fail now.
E.g. I had

Code: Select all

root@TNAS # docker images
REPOSITORY                     TAG                 IMAGE ID            CREATED             SIZE
homeassistant/home-assistant   2024.3.1            1b9214957004        5 weeks ago         1.87GB
homeassistant/home-assistant   2024.2              d423d09a11d3        2 months ago        1.84GB
caddy                          latest              a09733d8f061        2 months ago        48.3MB
eclipse-mosquitto              latest              41abb9fe07fa        2 months ago        14.5MB
openhab/openhab                4.1.1               269348e2775f        3 months ago        657MB
openhab/openhab                latest              269348e2775f        3 months ago        657MB
homeassistant/home-assistant   2024.1              4a234994897f        3 months ago        1.97GB
alpine                         latest              f6648c04cd6c        8 months ago        7.66MB

so I tried to remove the openhab image and re-pull it:

Code: Select all

root@TNAS # docker image rm openhab/openhab:4.1.1
Untagged: openhab/openhab:4.1.1
root@TNAS # docker image rm openhab/openhab:latest
Untagged: openhab/openhab:latest
Untagged: openhab/openhab@sha256:cf4e12d448c892559fbd088c20187cb4640d6301b0f4adebf5f8ae6acc1a050c
Deleted: sha256:269348e2775f4f607e0d63467b005f74eddda745c66f408ebda9781398f7e7cd
Deleted: sha256:565f109280f9b67311f177c7dd1d60575804a3d43a68599fa93441037a50d324
Deleted: sha256:0423342bf4cac48016b75b0822989406ff8ecc4baddc44e822342087495368f2
Deleted: sha256:ad4e3aa2d8ca7d7d3858c5e14093bc4a663f3057b9d115c473fe4aff8432ad30
Deleted: sha256:7d7c1b470c65168e84bd3199ae74da203f16d29f3a043191cf5ffea4bb92e7d0
Deleted: sha256:a55ecec0302a9a6f31a15b4f153f1b0b3a48d6183e6b4a1d560c0d525b78c170
Deleted: sha256:5f6be48943c8cafa3ac469f20e73d69aaeaa0a11eb732fa5242387532aa3dcc2
Deleted: sha256:04140fb71bb56a283ed37611b10342c6121514ce0a9b51bec919d931000293e3
Deleted: sha256:b9112096710f32d008464f0c67198d92a8ee2ce10b5f875c46dc40ce1c40b414
Deleted: sha256:2499505346125c89e4605d9edd7eccae454fa555ea1a7d912efed2f1832c60e6
root@TNAS # docker pull openhab/openhab:latest
latest: Pulling from openhab/openhab
ef2fb7c49f69: Already exists 
deaf0f874996: Pulling fs layer 
1048e9c9bda5: Pulling fs layer 
4c94aacfd659: Pulling fs layer 
6fa3ed0729fb: Waiting 
4f4fb700ef54: Waiting 
a740ef4fb6b4: Waiting 
error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/e3/e33c759923b9e7e576f835511cd16615a222b496be65d32a4c1c96ff042cb78b/data?verify=1713826135-fJXBy2zZDdr4q43kUrj5nH1%2BSb0%3D: x509: certificate has expired or is not yet valid

I get this same error on all docker images so far. I found ZERO images that I can pull.
I think this is a pretty big issue... can you help me troubleshoot that?

I tried to repeat the docker login without success

Any hint?

Thanks

[TMzethar]

There is no available solution to this problem, we will keep an eye on it.

[pipa89]

I removed the homeassistant container to update the image and now I realize that I can't download any image from the docker app registry on my f2 210 either.

[f18m]

As a workaround to this problem: I discovered that the issue happens only when trying to download from the Docker Hub. Pulling images from quay.io, ghcr.io or gcr.io works fine.
So a workaround is e.g. to pull from a computer the image you want from the Docker Hub, re-tag it and push it to your GitHub container registry (ghcr.io). Then from the NAS pull it from ghcr.io..

This is far from ideal... I hope Terra master will be able to restore docker pulling from the Docker Hub directly...

[pipa89]

This needs a solution immediately, it is not normal that I bought this nas a few months ago and on top of not updating, you cannot use the apps that are already installed... It is nonsense please... People of Terramaster, it's time to go to CONSUMPTION and report you... I hope you solve it now please.

[pipa89]

As a workaround to this problem: I discovered that the issue happens only when trying to download from the Docker Hub. Pulling images from quay.io, ghcr.io or gcr.io works fine.
So a workaround is e.g. to pull from a computer the image you want from the Docker Hub, re-tag it and push it to your GitHub container registry (ghcr.io). Then from the NAS pull it from ghcr.io..

This is far from ideal... I hope Terra master will be able to restore docker pulling from the Docker Hub directly...

I had to download the homeassistant image from this repository https://github.com/home-assistant/core/ ... tag=latest

Docker hub not working with f2 210... I hope they fix it as soon as possible. I need to use the docker hub images.