Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I got an error when I try to connect my docker via HTTPs: x509: certificate is valid for 0.0.0.0, not <My Container IP>

Ask Question

My dockerd(docker daemon) running on my remote computer instance.

I need connect my dockerd with my local computer, and I try This Link

when I finished, I got an error.

docker --tlsverify --tlscacert=ca.pem --tlscert=cert.pem --tlskey=key.pem -H=$HOST:2376 ps
error during connect: Get https://$HOST:2376/v1.24/containers/json: x509: certificate is valid for 0.0.0.0, not $HOST
What should I do?
Update:
$HOST is my remote server IP address.
                If covering of some sensitive data is needed in the snippets, don't parameterise it (like with $HOST here, just replace it with some valid imaginary data, like foobar.local for your example. Otherwise there could be options in reasoning: was the provided command called as-is (with single-quotes) so $HOST got into the error message as-is?
– Aleksandr Vinokurov
                Apr 14, 2021 at 8:02
                I'd highly recommend turning off the remote Docker API entirely.  It's dangerous (if you can access the socket successfully, you can root the host), and practically you probably need normal login access anyways (-v bind-mount options always use the system the daemon is running on, so you need to scp files to the target system in most practical cases).
– David Maze
                Apr 14, 2021 at 10:00
                @AleksandrVinokurov Sorry, I'm new here. As you said, I did that to protect sensitive data.  $HOST is my remote server IP address(like 22.22.22.22).
– CCat
                Apr 14, 2021 at 12:45
Did you follow this from the link you mentioned?
Since TLS connections can be made through IP address as well as DNS name, the IP addresses need to be specified when creating the certificate. For example, to allow connections using 10.10.10.20 and 127.0.0.1:
$ echo subjectAltName = DNS:$HOST,IP:10.10.10.20,IP:127.0.0.1 >> extfile.cnf
Could it be that your real value (instead of the $HOST in your snippet) was not used in the aforementioned step?
        Thanks for contributing an answer to Stack Overflow!
Please be sure to answer the question. Provide details and share your research!
But avoid …
Asking for help, clarification, or responding to other answers.
Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.