Proxy TLS Troubleshooting
When using the proxy there may be a few hiccups with the TLS setup along the way that this documentation page addresses.
Error: "x509: certificate is not valid for any names" in daemon.log
If you see this error in daemon.log logfile, then this means that the certificate the proxy uses is not generated with a hostname to match against.
With older version of Go, this was not a problem and when you had the proxy generate a certificate with an old version of the Proxy, then this error may appear when you updated to a daemon that uses a recent version of Go to compile
In this case there are two steps to fix this error:
Make sure that you start the proxy with the
--hostname=matching the host that the daemons have configured in
Let the proxy regenerate the certificates by deleting the old ones
proxy.key, then restarting the proxy.
Copy the new
proxy.crtto all daemons and overwrite the old ones.
See the proxy installation page for more information on how to setup TLS.
Error: "remote error: tls: bad certificate" in proxy.log
This error is the server-side version of the prevoius "x509: certificate" error in the daemon.log. The same steps apply to remedy the situation.