
How to update self-signed certificates for DTR

Issue

In some situations, a customer might opt to use only a self-signed certificate, but that certificate will eventually expire.

Resolution

The following steps show you how to regenerate the DTR self-signed certificates.

  1. Check all replicas to verify that all DTR containers are running and not "restarting":

    sudo docker ps -a | grep dtr
    
  2. Run the dtr/reconfigure command with the --dtr-external-url flag, providing a WRONG dtr-external-url. This will cause DTR to regenerate the self-signed certificate.

    docker run -it --rm docker/dtr \
    reconfigure --ucp-insecure-tls \
    --ucp-url <ucp admin url>:443 \
    --ucp-username <ucp admin uid> \
    --ucp-password <password> \
    --dtr-external-url <wrongservername>
    

    Note: More about reconfigure options can be found on docs.docker.com.

  3. Run the reconfigure command again using the ACTUAL DTR URL. This will allow you to log into the DTR UI.

    docker run -it --rm docker/dtr \
    reconfigure --ucp-insecure-tls \
    --ucp-url <ucp admin url>:443 \
    --ucp-username <ucp admin uid> \
    --ucp-password <password> \
    --dtr-external-url <CORRECT dtr url>
    
  4. Import the newly generated certificate on the client side following these integration steps.
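
Before importing the certificate on clients in step 4, it is worth confirming that the reconfigure runs really produced a new certificate with a later expiry date. The script below is an added example, not part of the original article or of Docker's tooling. It assumes the openssl CLI is installed and that DTR presents its certificate on port 443 of the external URL host; the function names and file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article). Requires the openssl CLI.

# Print the leaf certificate a server presents, as PEM.
# Assumption: DTR serves its certificate on the external URL host, port 443.
# Usage: fetch_cert <dtr host> > before.pem   (before step 2, again after step 3)
fetch_cert() {
    host=$1; port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# SHA-256 fingerprint of the certificate in PEM file $1.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Heuristic: a certificate whose subject equals its issuer is self-signed.
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$issr" ]
}

# check_regenerated OLD.pem NEW.pem [MIN_DAYS]
# Succeeds only if NEW differs from OLD and stays valid for at least MIN_DAYS.
check_regenerated() {
    old=$1; new=$2; min_days=${3:-30}
    if [ "$(fingerprint "$old")" = "$(fingerprint "$new")" ]; then
        echo "FAIL: certificate unchanged, reconfigure did not regenerate it" >&2
        return 1
    fi
    if ! openssl x509 -in "$new" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: new certificate expires within $min_days days" >&2
        return 1
    fi
    is_self_signed "$new" && echo "note: self-signed, clients must import it explicitly"
    echo "OK: $(openssl x509 -in "$new" -noout -enddate)"
    echo "SHA-256: $(fingerprint "$new")"
}
```

Compare the printed SHA-256 fingerprint with the certificate file you hand to clients, so that what they import is the certificate DTR actually serves.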