Skip to main content

Docker Success Center

The Docker enterprise customer portal.

Docker, Inc.

Revert DTR certificates to self-signed certificates generated by DTR

For an existing DTR instance, it is possible to reconfigure DTR to use self-signed certificates generated by DTR.

This can be helpful in following example instances:

  • If you used 3rd party certificates and want to revert back to the built-in DTR self-signed certificates.
  • Can not access DTR UI due to expired certificates.

Resolution

To revert to self-signed certificates for DTR:

  1. Run the DTR reconfigure command and change to a different dtr-external-url (be sure to change to your IP address):
    docker run -it --rm docker/dtr reconfigure --dtr-external-url 10.0.0.5 --ucp-insecure-tls --ucp-url https://x.x.x.x:443
  2. Look for following output to show that DTR generated new certificates:
    INFO[0008] TLS certificate does not match domain name    domainName=10.0.0.5
    INFO[0024] Generated TLS certificate.                    domain=10.0.0.5
    
  3. Wait a minute or 2 for the containers to be stable. 
  4. Proceed to log into the UI using the newly configured DTR external URL.
To revert to self-signed certificates for UCP, refer to Revert UCP certificates to self-signed certificates generated by UCP.