Failed to verify certificate: x509: cannot validate certificate for xx.xx.xx.xx because it doesn't contain any IP SANs

yuesong_teh · ‎10 Oct 2025

Hi All,

Am facing this issue when trying to download both AG & OA images.
We have architecture where k8 is on prem which have no direct connection to Dynatrace SaaS, we also have an on-prem AG that can connect to Dynatrace SaaS.

What we had modified is setting the apiURL to point to on-prem AG and some other modifications:
- skipCertCheck is true
- try on to configure trustedCA (but this might not be applicable as current issue is the AG cert doesn't contain any IP SAN which is different with common one where they faced issue of certificate signed by unknown authority)

Current workaround is getting image from private registry which we would not like to go with this option as it is hard to maintain those image and yeah the version update (not considering CICD pipeline to update image for now)

Hence would like to seek advice on solving this matter.

Thanks.

Julius_Loman · ‎26 Oct 2025

This setup won't work as you need to set up DynaKube against the Dynatrace environment. The Docker registry is available on the cluster only. While the Dynatrace API is also available through the Environment ActiveGate, the Docker repository is not. I don't think this scenario of connecting DynaKube to Environement AG is even supported.

If you are not allowed to pull images from public repositories, then pushing them to your private registry is the only option. It's less complicated than it sounds.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner