黑群晖:certificate has expired or is not yet valid
https://blog.csdn.net/weixin_54655073/article/details/138663733
sudo -i
mv /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.bak
sudo curl -Lko /etc/ssl/certs/ca-certificates.crt https://curl.se/ca/cacert.pem
synoservice --restart pkgctl-Docker (重启docker,如果卡住,就重启设备)
https://alexnj.com/blog/updating-root-certificates-on-synology/
Updating CA root certificate bundle on Synology
I ran into the issue of my Synology NAS not being able to pull from my local Docker registry:
docker: Error response from daemon: Get "https://redacted-local-hostname.net/v2/": x509: certificate has expired or is not yet valid
Turns out my Synology hasn't been picking up the latest CA root certificates. I could verify that this is the issue by running curl
curl -I https://alexnj.com curl: (60) SSL certificate problem: certificate has expired More details here: https://curl.haxx.se/docs/sslcerts.html ...
Fixing this turned out rather easy. The commands below download the up-to-date root certificates from curl.se, in PEM format. We move it to the place where Synology keeps the CA-certificate bundle, overwriting it. We create a backup of the origin CA-certificate bundle, with a .backup extension, just in case you'd want to revert for any reason.
cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.backup wget --no-check-certificate https://curl.se/ca/cacert.pem mv cacert.pem /etc/ssl/certs/ca-certificates.crt
After this, the same curl command started succeeding. However, Docker was still throwing the same error — meaning it didn't pick up the updated root certificates. Solution? Let's try restarting the Synology Docker daemon:
synoservice --restart pkgctl-Docker
That took care of it. If you run into the same issue with your Synology, hope this helps!
