Docker login failed to private Repository

jtarjanyi · November 27, 2024, 5:29pm

Hello,

There is a remote docker repository on nexus.connex.ro:8063
I want to skip certification validation so I have added the repository as “insecure-registries”.
Unfortunately when I try to login it still complains tls: failed to verify certificate:

This is my /etc/docker/daemon.json

{
  "insecure-registries" : ["nexus.connex.ro:8063"]
}

The remote repository use a self singed certificate. I have tried to save the cert into a file and put it into the /etc/docker/certs.d/nexus.connect.ro/ folder as a .crt file, but nothing changed.

This is the error message what I got:

Error response from daemon: Get "https://nexus.connex.ro:8063/v2/": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

Any advise how can I connect to this repo?

rimelek · November 28, 2024, 8:04pm

I’m pretty sure you did that, but I still ask. Did you restart the Docker daemomn after changing the config file?

If you did, maybe this type of TLS error is not allowed even with insecure registries. I’m not sure.

jtarjanyi · November 29, 2024, 10:56am

Of course I did.

What I dont understand, why the cert is not accepted despite of I have added it as trusted cert into /etc/docker/certs.d/nexus.connect.ro/

Nexus uses a self signed cert unfortunately but other team has no issue with it. they just simply used

{
  "insecure-registries" : ["nexus.connex.ro:8063"]
}

I have the same settings, but still have the issue

jtarjanyi · November 29, 2024, 12:57pm

Finally I was able to find what is the issue. Despite of I have “insecure-repositories” in my /etc/docker/daemon.json my docker service did not pick it up. docker info command indicate this becasue only 127.0.0.0/8 was under the Insecure Registries:

Why? Becasue it was installed by snap! This installation have other daemon.json in /snap/docker/2963/config/daemon.json and of course this have no insecure settings.

Editing the proper daemon.json fixed the issue.

rimelek · November 29, 2024, 1:21pm

That explains everything. Thank you for sharing it. We generally don’t recommend the snap package as that is not supported by Docker Inc directly, but by Canonical

system · December 9, 2024, 1:21pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Push to a private registry not receiving / Certificat not accepted General	2	3817	May 23, 2016
Docker Login Error response from daemon <internal NEXUS domain> proxyconnect tcp: EOF Docker Desktop docker	0	2513	April 23, 2020
Private registry always returns x509: certificate signed by unknown authority General	3	18159	July 16, 2019
Problem with insecure-registries Docker Desktop windows	2	151	December 11, 2024
Tls: failed to parse certificate from server: x509: unsupported elliptic curve Docker Engine	2	7737	October 6, 2015

Docker login failed to private Repository

Related topics