Error received from DTR when utilizing 3rd-party CAs
"Failed to establish openid authentication", "detail": "OpenID Connect Error\n\ninvalid_client\n\nunable to validate authentication JWT: unable to get service signing key: unable to fetch service keys from https://dtr.example.com/api/v0/openid/keys: HTTP error: Get https://dtr.example.com/api/v0/openid/keys: dial tcp xx.xx.xx.xxx:443: i/o timeout"
Before performing these steps, you must meet the following requirements:
- Verify there are no networking issues blocking communication between UCP and DTR.
This "unable to validate authentication JWT" error typically occurs when DTR re-registers itself with enzi. The re-registration can fail for different reasons, and can be fixed using the reconfigure command.
- <dtr-version>: version of DTR running on the cluster (docker/dtr:2.2.0, docker/dtr:2.2.4)
- <ucp-url>: if running behind a load balancer, the ucp-url should point to the reference configured in the LB (i.e. the CNAME of the ELB in AWS)
docker run -it --rm docker/dtr:<dtr-version> reconfigure --ucp-url <ucp-url> --ucp-username <ucp-username> --ucp-password <ucp-password>
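
An added example, not part of the original article: a shell check for the networking prerequisite above, run from a UCP node. It requests the keys URL shown in the error message and reports whether a failure is a timeout, a refused connection, or a certificate from a CA the client does not trust. DTR_HOST and DTR_CA_BUNDLE are hypothetical variable names, and the trust decision is curl's (the bundle you pass, or the system store), which may differ from what UCP itself trusts.

```shell
#!/bin/sh
# Added example: probe the DTR OpenID keys endpoint and classify the failure.
# dtr.example.com is the placeholder host from the error message above.

# Map a curl exit status (curl's documented codes) to a short diagnosis.
classify_curl_exit() {
    case "$1" in
        0)  echo "ok" ;;                      # got an HTTP response
        6)  echo "dns-failure" ;;             # could not resolve host
        7)  echo "connection-refused" ;;      # failed to connect
        28) echo "timeout" ;;                 # matches the "i/o timeout" case
        35) echo "tls-handshake-failure" ;;   # SSL connect error
        60) echo "untrusted-ca" ;;            # certificate not verifiable with known CAs
        *)  echo "other-curl-error-$1" ;;
    esac
}

# Request https://<host>/api/v0/openid/keys with short timeouts.
# $1: DTR host name; $2 (optional): CA bundle that signed the DTR certificate.
check_dtr_keys() {
    host="$1"
    ca_bundle="${2:-}"
    url="https://${host}/api/v0/openid/keys"
    rc=0
    if [ -n "$ca_bundle" ]; then
        curl -sS -o /dev/null --connect-timeout 5 --max-time 15 \
             --cacert "$ca_bundle" "$url" || rc=$?
    else
        curl -sS -o /dev/null --connect-timeout 5 --max-time 15 "$url" || rc=$?
    fi
    classify_curl_exit "$rc"
    return "$rc"
}

# Runs only when DTR_HOST is set, e.g.:
#   DTR_HOST=dtr.example.com DTR_CA_BUNDLE=/path/to/ca.pem sh check.sh
if [ -n "${DTR_HOST:-}" ]; then
    check_dtr_keys "$DTR_HOST" "${DTR_CA_BUNDLE:-}"
fi
```

A result of "untrusted-ca" without DTR_CA_BUNDLE and "ok" with it indicates that the network path is fine and the remaining problem is CA trust rather than connectivity.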