I ran into the issue of my Synology NAS not being able to pull from my local Docker registry:
docker: Error response from daemon: Get "https://redacted-local-hostname.net/v2/": x509: certificate has expired or is not yet valid
Turns out my Synology hasn't been picking up the latest CA root certificates. I could verify that this is the issue by running
curl -I https://alexnj.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.haxx.se/docs/sslcerts.html
Fixing this turned out rather easy. The commands below download the up-to-date root certificates from curl.se, in PEM format. We move it to the place where Synology keeps the CA-certificate bundle, overwriting it. We create a backup of the origin CA-certificate bundle, with a
.backup extension, just in case you'd want to revert for any reason.
cp /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt.backup
wget --no-check-certificate https://curl.se/ca/cacert.pem
mv cacert.pem /etc/ssl/certs/ca-certificates.crt
After this, the same curl command started succeeding. However, Docker was still throwing the same error — meaning it didn't pick up the updated root certificates. Solution? Let's try restarting the Synology Docker daemon:
synoservice --restart pkgctl-Docker
That took care of it. If you run into the same issue with your Synology, hope this helps!