Docker-compose without client tls authentication fails with the error [SSL: CERTIFICATE_VERIFY_FAILED]

Article ID: 317067


Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:
  • When trying to deploy a service through docker-compose against the VCH docker-compose API endpoint, you see messages similar to the following:
ERROR: SSL error: HTTPSConnectionPool(host='192.168.100.50', port=2376): Max retries exceeded with url: /v1.22/networks/dockercompose_decryptator (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

ERROR: Couldn't connect to Docker daemon at http://192.168.100.50:2376 - is it running?
If it's at a non-standard location, specify the URL with the DOCKER_HOST environment variable.


Environment

VMware vSphere Integrated Containers 1.5.x
VMware vSphere ESXi 6.7

Resolution

When running docker-compose commands against the VCH docker-compose API, you must specify the TLS version the client will use. In this case that is TLS 1.2, which is the version supported by VIC.

The TLS version for the docker-compose client is set through an environment variable. The variable is COMPOSE_TLS_VERSION, and it must be set to TLSv1_2.

export COMPOSE_TLS_VERSION=TLSv1_2
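
A preflight check for the setting above, written as an added example (it is not part of the original article or of VIC or docker-compose): it confirms that COMPOSE_TLS_VERSION holds the required value and that the endpoint completes a handshake pinned to TLS 1.2. The function names are hypothetical, and the host and port are the ones shown in the error output above.

```python
import os
import socket
import ssl

REQUIRED = "TLSv1_2"  # value given in the Resolution section


def env_problem(env):
    """Return a message if COMPOSE_TLS_VERSION is not the required value."""
    value = env.get("COMPOSE_TLS_VERSION")
    if value is None:
        return "COMPOSE_TLS_VERSION is not set; export COMPOSE_TLS_VERSION=" + REQUIRED
    if value != REQUIRED:
        return "COMPOSE_TLS_VERSION=%r, expected %s" % (value, REQUIRED)
    return None


def accepts_tls12(host, port, timeout=5.0):
    """True if the endpoint negotiates a handshake pinned to TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except ssl.SSLCertVerificationError:
        # The server sent its certificate, so TLS 1.2 was negotiated;
        # whether that certificate is trusted is a separate question.
        return True
    except (ssl.SSLError, OSError):
        return False


def preflight(env, host, port):
    """Collect every problem found; an empty list means ready to run."""
    problems = []
    msg = env_problem(env)
    if msg:
        problems.append(msg)
    if not accepts_tls12(host, port):
        problems.append("%s:%d did not complete a TLS 1.2 handshake" % (host, port))
    return problems


if __name__ == "__main__":
    for line in preflight(os.environ, "192.168.100.50", 2376) or ["ready"]:
        print(line)
```

Run it in the same shell session as docker-compose so that it sees the exported variable.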