三步解决Docker拉取镜像报错：x509: certificate has expired or is not yet v..

报错信息：

......
47a32314928e: Waiting
f1bef6c845ef: Waiting
b7403b550949: Waiting
313a800f9488: Waiting
f45c5939b598: Waiting
docker: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid.

报错信息翻译过来的意思大概是：证书已过期或尚未有效。

[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts
Unable to find image 'jenkinszh/jenkins-zh:lts' locally
lts: Pulling from jenkinszh/jenkins-zh
3192219afd04: Pulling fs layer
17c160265e75: Pulling fs layer
cc4fe40d0e61: Pulling fs layer
9d647f502a07: Waiting
d108b8c498aa: Waiting
1bfe918b8aa5: Waiting
dafa1a7c0751: Waiting
1e29fd7c4a92: Waiting
6f9df6a6e4fb: Waiting
11521cfb7505: Waiting
74dba0c51bb8: Waiting
c6ccb3238fa1: Waiting
16d5a7b3cc59: Waiting
4942b9e43c4f: Waiting
6f134e9211fb: Waiting
34586d38fb3f: Waiting
1f0d7f50aec2: Waiting
47a32314928e: Waiting
f1bef6c845ef: Waiting
b7403b550949: Waiting
313a800f9488: Waiting
f45c5939b598: Waiting
docker: Get https://registry-1.docker.io/v2/: x509: certificate has expired or is not yet valid.
See 'docker run --help'.

排查解决：

在docker拉取镜像时出现 x509 报错,一般都是证书问题或者系统时间问题导致，可以先执行 date 看一下系统时间对不对,如果服务器系统时间跟现实实际时间对不上的话，一般就是系统时间问题，同步时间即可。

1.系统时间问题

[root@localhost ~]# date
2021年 01月 08日 星期五 16:59:26 CST    //系统时间确实不对

- 安装ntpdate

[root@localhost ~]# yum -y install ntpdate
  ntpdate.x86_64 0:4.2.6p5-29.el7.centos.2

- 更新时间同步

[root@localhost ~]# ntpdate cn.pool.ntp.org
^[28 Sep 10:57:20 ntpdate[11911]: step time server 202.118.1.130 offset 22701177.945558 sec

- 查看更新后时间

[root@localhost ~]# date
2021年 09月 28日 星期二 10:57:31 CST

验证：

[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts
Unable to find image 'jenkinszh/jenkins-zh:lts' locally
lts: Pulling from jenkinszh/jenkins-zh
3192219afd04: Pull complete
17c160265e75: Pull complete
cc4fe40d0e61: Pull complete
9d647f502a07: Downloading [===========================>                       ]  26.72MB/48.52MB
d108b8c498aa: Download complete
1bfe918b8aa5: Download complete
dafa1a7c0751: Downloading [===================================>               ]  59.32MB/83.7MB

可以看到现在已经可以正常拉取镜像了。

2.证书问题

证书问题需要编辑 /etc/docker/daemon.json 文件，在配置文件中添加 "registry-mirrors":["https://docker.mirrors.ustc.edu.cn"] 配置。

- 编辑/etc/docker/daemon.json文件

[root@localhost ~]# vim /etc/docker/daemon.json
"registry-mirrors":["https://hx983jf6.mirror.aliyuncs.com","https://docker.mirrors.ustc.edu.cn"],  //第一个是镜像加速配置
"graph":"/mnt/data"    //修改Docker默认存储路径配置
}

- 更新docker/daemon.json配置

[root@localhost ~]# systemctl daemon-reload  

- 重启docker服务

[root@localhost ~]# systemctl restart docker 

验证：

[root@localhost ~]# docker run -itd --name jenkins -u root -p 8080:8080 -v /var/jenkins/data:/var/jenkins_home jenkinszh/jenkins-zh:lts
Unable to find image 'jenkinszh/jenkins-zh:lts' locally
lts: Pulling from jenkinszh/jenkins-zh
3192219afd04: Pull complete
17c160265e75: Pull complete
cc4fe40d0e61: Pull complete
9d647f502a07: Downloading [=>                                                 ]  1.505MB/50.07MB
d108b8c498aa: Downloading [=>                                                 ]  150.7kB/4.935MB
1bfe918b8aa5: Download complete
dafa1a7c0751: Downloading [=========>                                         ]  19.42MB/104.2MB
1e29fd7c4a92: Waiting