Can't generate a valid certificate. Stuck on "Waiting for SSH to be available..."

My docker version info:

Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:21:34 2018
OS/Arch: windows/amd64
Experimental: false

Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: e68fc7a
Built: Tue Aug 21 17:29:02 2018
OS/Arch: linux/amd64
Experimental: false

I’ve been using Docker for Windows 10 at home successfully for a little over a week and I’ve installed it at work, but I can’t seem to get a VM working.

I’m using the hyperv driver (I’ve created an external virtual switch) and when it gets stuck on waiting for SSH to become available.

If I run docker-machine ls, it gives me the machine and the error:

Unable to query docker version: Get https://[ip-address-here]:2376/v1.15/version: x509: certificate signed by unknown authority.

I’ve tried running docker-machine regenerate-certs on the machine and it again hangs at “Waiting for SSH to be available.” The regenerate-certs seems to be the solution for most cases of this, based on my searches, but it doesn’t work for me. I’ve tried removing the machine and regenerating it. I’ve tried restarting docker. Nothing seems to work.

I can ping the box, but I can’t seem to get it to generate a valid certificate. How can I fix this?


I don’t understand why this is an issue. I’m in a corporate environment. We have our on certificates, but they’re stored under the Trusted Root Certificate Authorities, and as per the Docker For Windows FAQ, these should be recognized.

What else could be causing this?

You can get this error when the docker daemon does not run with certificates/key signed by the same CA as provided with your client.
What is your docker Daemon configuration? C:\ProgramData\docker\config\daemon.json?
And what is your client command?

I’ve read through this documentation. The problem is, I’m an architect/developer, not a security expert.

I installed docker at home and it just worked. So I’m sure we’ve got some sort of certificate thing going on here on our corporate network, but as far as I can tell, the documentation provides no information on how to determine IF this is the case, and if so, how to do the necessary work to make docker work.

Why doesn’t docker do this as part of the install?

As the architect, I’m trying to determine if docker is a good fit for our business. But I don’t want to grab our security guy, who already has a very full plate, and have him waste a lot of time trying to get this to work, just so I can test it out."

I’ve got several books on docker. None of them seem to address this. I find wildly different explanations across the web of how to deal with it, but no single source of usable instructions.

Docker running on Windows 10 still gives various issues. Although MS does it’s best to integrate docker smoothly on Windows 2010 PC’s, at our company most users that use Docker on Windows experience some issues. Users on Linux Desktops or Mac’s hardly ever experience any issues.
Docker on Windows IMHO is still not mature enough, but once you’ve solved the issues with the Hyper-V configuration, certificates and so on, it runs quite well. I run Docker on linux for over 2 years now and support a Jira, Confluence, buildenvironment and more all running in Docker, and I never experience any issues.

If Docker is a good fit or not depends on your use case and you should (as an architect/developer) investigate the security aspects of Docker. Docker is very useful in a development environment to improve the overall build process, but also in a production environment.

Your issue with the certificates has not much to do with the trusted certificates from your company. Probably you first have to solve the issue with “waiting for ssh to be available” as it seems your network is not configured correctly. This could be caused by an (older) installation of VirtualBox. See also: Docker machine stuck on “Waiting for ssh to be available...”.