[GH-ISSUE #4668] Cannot update docker image #2970

New issue

Open

opened 2026-02-26 07:37:26 +03:00 by kerem · 1 comment

kerem commented

2026-02-26 07:37:26 +03:00

Owner

Originally created by @infracritical on GitHub (Jul 21, 2025).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4668

[root@srvr npm]# docker login ghcr.io -u xxx
Password:
Error response from daemon: Get "https://ghcr.io/v2/": Get "https://ghcr.io/token?account=infracritical&client_id=docker&offline_token=true&service=ghcr.io": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers)

I also tried this:

[root@srvr npm]# curl -v -u $USER:$CR_TOKEN https://ghcr.io/v2/

Trying 140.82.114.34:443...
Connected to ghcr.io (140.82.114.34) port 443 (#0)
ALPN, offering h2
ALPN, offering http/1.1
CAfile: /etc/pki/tls/certs/ca-bundle.crt
TLSv1.0 (OUT), TLS header, Certificate Status (22):
TLSv1.3 (OUT), TLS handshake, Client hello (1):
TLSv1.2 (IN), TLS header, Certificate Status (22):
TLSv1.3 (IN), TLS handshake, Server hello (2):
TLSv1.2 (IN), TLS header, Finished (20):
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, Certificate (11):
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, CERT verify (15):
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, Finished (20):
TLSv1.2 (OUT), TLS header, Finished (20):
TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
TLSv1.2 (OUT), TLS header, Unknown (23):
TLSv1.3 (OUT), TLS handshake, Finished (20):
SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
ALPN, server accepted to use h2
Server certificate:
subject: CN=*.ghcr.io
start date: May 14 00:00:00 2025 GMT
expire date: May 14 23:59:59 2026 GMT
subjectAltName: host "ghcr.io" matched cert's "ghcr.io"
issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
SSL certificate verify ok.
Using HTTP2, server supports multi-use
Connection state changed (HTTP/2 confirmed)
Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
TLSv1.2 (OUT), TLS header, Unknown (23):
TLSv1.2 (OUT), TLS header, Unknown (23):
TLSv1.2 (OUT), TLS header, Unknown (23):
Server auth using Basic with user 'root'
Using Stream ID: 1 (easy handle 0x560f6fdc86c0)
TLSv1.2 (OUT), TLS header, Unknown (23):

GET /v2/ HTTP/2
Host: ghcr.io
authorization: Basic cm9vdDo=
user-agent: curl/7.76.1
accept: /

TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
old SSL session ID is stale, removing
TLSv1.2 (IN), TLS header, Unknown (23):
TLSv1.2 (OUT), TLS header, Unknown (23):
TLSv1.2 (IN), TLS header, Unknown (23):
< HTTP/2 401
< content-type: application/json
< www-authenticate: Bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull"
< date: Mon, 21 Jul 2025 15:43:42 GMT
< content-length: 73
< x-github-request-id: EF67:295D9D:97929:A4542:687E602E
<
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required"}]}
Connection #0 to host ghcr.io left intact

Then tried this:

[root@srvr npm]# docker login ghcr.io -u xxx | echo "$CR_PAT"

=======

I am attempting to use "dockcheck.sh" - which DID work at one point in time.

What am I doing wrong?

Originally created by @infracritical on GitHub (Jul 21, 2025). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/4668 [root@srvr npm]# docker login ghcr.io -u xxx Password: Error response from daemon: Get "https://ghcr.io/v2/": Get "https://ghcr.io/token?account=infracritical&client_id=docker&offline_token=true&service=ghcr.io": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers) (Client.Timeout exceeded while awaiting headers) I also tried this: [root@srvr npm]# curl -v -u $USER:$CR_TOKEN https://ghcr.io/v2/ * Trying 140.82.114.34:443... * Connected to ghcr.io (140.82.114.34) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/pki/tls/certs/ca-bundle.crt * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS header, Certificate Status (22): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS header, Finished (20): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.2 (OUT), TLS header, Finished (20): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=*.ghcr.io * start date: May 14 00:00:00 2025 GMT * expire date: May 14 23:59:59 2026 GMT * subjectAltName: host "ghcr.io" matched cert's "ghcr.io" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.2 (OUT), TLS header, Unknown (23): * Server auth using Basic with user 'root' * Using Stream ID: 1 (easy handle 0x560f6fdc86c0) * TLSv1.2 (OUT), TLS header, Unknown (23): > GET /v2/ HTTP/2 > Host: ghcr.io > authorization: Basic cm9vdDo= > user-agent: curl/7.76.1 > accept: */* > * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * TLSv1.2 (IN), TLS header, Unknown (23): * TLSv1.2 (OUT), TLS header, Unknown (23): * TLSv1.2 (IN), TLS header, Unknown (23): < HTTP/2 401 < content-type: application/json < www-authenticate: Bearer realm="https://ghcr.io/token",service="ghcr.io",scope="repository:user/image:pull" < date: Mon, 21 Jul 2025 15:43:42 GMT < content-length: 73 < x-github-request-id: EF67:295D9D:97929:A4542:687E602E < {"errors":[{"code":"UNAUTHORIZED","message":"authentication required"}]} * Connection #0 to host ghcr.io left intact Then tried this: [root@srvr npm]# docker login ghcr.io -u xxx | echo "$CR_PAT" <nothing shown here> ======= I am attempting to use "dockcheck.sh" - which DID work at one point in time. What am I doing wrong?

kerem added the

stale

label

2026-02-26 07:37:26 +03:00

kerem commented

2026-02-26 07:37:27 +03:00

Author

Owner

@github-actions[bot] commented on GitHub (Feb 1, 2026):

Issue is now considered stale. If you want to keep it open, please comment 👍

@github-actions[bot] commented on GitHub (Feb 1, 2026): Issue is now considered stale. If you want to keep it open, please comment :+1:

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/nginx-proxy-manager-NginxProxyManager#2970

No description provided.

Rows
Columns