Docker for AWS Trusted Certs

I found myself scratching my head on this one. I am using Docker for AWS to deploy a swarm cluster and to manage it. I have also set up a private repo that works fine with Docker for Windows and Docker for Mac. But when I try to log in, it does not like the certificate even though it is a valid GoDaddy certificate. I am getting the “x509: certificate signed by unknown authority” error.

The fun part in all of this is that the nodes are Moby Linux and most of the OS is read-only. Plus, the nodes are in an auto scaling group, so they will come and go. How can I push or have the cluster trust certs without needing to manage each node?

Is it possibly a certificate chain issue? Do you need to perhaps bundle GoDaddy’s CA certificates with your own so there’s a chain linking back to one of the out-of-the-box CAs?

I can see the CA certs on the OS, and my certs are signed directly by those CAs that the OS has certs for. That is what is strange.

@sjlongland You were correct. It was a certificate chain issue. As soon as I put the chain in, it worked without an issue at my registry SSL termination point. Thanks!