Docker login failed to private Repository

Hello,

There is a remote docker repository on nexus.connex.ro:8063
I want to skip certification validation so I have added the repository as “insecure-registries”.
Unfortunately when I try to login it still complains tls: failed to verify certificate:

This is my /etc/docker/daemon.json

{
  "insecure-registries" : ["nexus.connex.ro:8063"]
}

The remote repository use a self singed certificate. I have tried to save the cert into a file and put it into the /etc/docker/certs.d/nexus.connect.ro/ folder as a .crt file, but nothing changed.

This is the error message what I got:

Error response from daemon: Get "https://nexus.connex.ro:8063/v2/": tls: failed to verify certificate: x509: certificate relies on legacy Common Name field, use SANs instead

Any advise how can I connect to this repo?

I’m pretty sure you did that, but I still ask. Did you restart the Docker daemomn after changing the config file?

If you did, maybe this type of TLS error is not allowed even with insecure registries. I’m not sure.

Of course I did.

What I dont understand, why the cert is not accepted despite of I have added it as trusted cert into /etc/docker/certs.d/nexus.connect.ro/

Nexus uses a self signed cert unfortunately but other team has no issue with it. they just simply used

{
  "insecure-registries" : ["nexus.connex.ro:8063"]
}

I have the same settings, but still have the issue :frowning:

Finally I was able to find what is the issue. Despite of I have “insecure-repositories” in my /etc/docker/daemon.json my docker service did not pick it up. docker info command indicate this becasue only 127.0.0.0/8 was under the Insecure Registries:

Why? Becasue it was installed by snap! This installation have other daemon.json in /snap/docker/2963/config/daemon.json and of course this have no insecure settings.

Editing the proper daemon.json fixed the issue.

That explains everything. Thank you for sharing it. We generally don’t recommend the snap package as that is not supported by Docker Inc directly, but by Canonical

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.