Docker login fails with TLS timeout

Operating system: Fedora Linux
[root@localhost docker]# docker version
Client:
Version: 28.5.1


Server:
Version: 28.5.1


Problem/Issue: Unable to log in to the Docker user account
Error received: Error response from daemon: Get "https://registry-1.docker.io/v2/": http: server gave HTTP response to HTTPS client

Steps taken:

Tried restarting the docker.service
Used curl to check the connectivity

[root@localhost docker]# curl -v https://registry-1[dot]docker[dot]io/v2/

* Host registry-1[dot]docker[dot]io:443 was resolved.
* IPv6: (none)
* IPv4: 98.86.67.135, 35.170.36.185, 52.55.128.105, 44.210.197.112, 34.237.6.69, 72.44.47.18, 18.211.64.178, 54.204.33.105
* Trying 98.86.67.135:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256 / x25519 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.docker.com
* start date: Sep 24 00:00:00 2025 GMT
* expire date: Oct 23 23:59:59 2026 GMT
* subjectAltName: host "registry-1[dot]docker[dot]io" matched cert's "*.docker.io"
* issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M01
* SSL certificate verify ok.
* Connected to registry-1[dot]docker[dot]io (98.86.67.135) port 443
* using HTTP/2

> GET /v2/ HTTP/2
> Host: registry-1[dot]docker[dot]io
> User-Agent: curl/8.11.1
> Accept: */*
< HTTP/2 401
< date: Mon, 27 Oct 2025 05:31:02 GMT
< content-type: application/json
< content-length: 87
< docker-distribution-api-version: registry/2.0
< www-authenticate: Bearer realm="auth[dot]docker[dot]io/token",service="registry[dot]docker[dot]io"
< strict-transport-security: max-age=31536000
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}


Has anyone faced a similar error? Please help me with this.

The curl output shows the correct SAN and issuer for the certificate, so DNS seems to resolve to the correct IPs (= randomly changing AWS load balancer IPs), and your host accesses the first entry from the multi-value DNS response.

It almost looks like registry-1.docker.io is configured as insecure-registry.
Can you share the output of cat /etc/docker/daemon.json?
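
One way to run the check the reply asks for, as an added example that is not part of either post: the script parses /etc/docker/daemon.json and reports any `insecure-registries` entry that names a Docker Hub host. The `registry-mirrors` plain-HTTP check goes beyond what the reply mentions, and the sample configuration and the Hub host list are constructed for illustration.

```python
import json
import os
from urllib.parse import urlsplit

# Assumption: hostnames the daemon uses for Docker Hub (the first is the one in the error).
HUB_HOSTS = {"registry-1.docker.io", "docker.io", "index.docker.io"}

# Constructed sample, used only when no daemon.json exists on this machine.
SAMPLE = """{
  "insecure-registries": ["registry-1.docker.io", "10.0.0.5:5000"],
  "registry-mirrors": ["http://mirror.example.internal:5000"]
}"""


def _host(entry):
    """Return the lowercase host of 'host', 'host:port' or 'scheme://host:port/'."""
    entry = entry.strip()
    parts = urlsplit(entry if "://" in entry else "//" + entry)
    return (parts.hostname or "").lower()


def audit_daemon_config(text):
    """Return findings for daemon.json settings that weaken TLS towards Docker Hub."""
    cfg = json.loads(text) if text.strip() else {}
    findings = []
    # A Hub host listed here tells the daemon not to require verified HTTPS for it.
    for entry in cfg.get("insecure-registries", []):
        if _host(entry) in HUB_HOSTS:
            findings.append(f"insecure-registries lists Docker Hub host: {entry}")
    # Extra check, not from the thread: mirrors reached over plain HTTP.
    for mirror in cfg.get("registry-mirrors", []):
        if mirror.strip().lower().startswith("http://"):
            findings.append(f"registry-mirrors entry uses plain HTTP: {mirror}")
    return findings


if __name__ == "__main__":
    path = "/etc/docker/daemon.json"
    if os.path.exists(path):
        with open(path, encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    results = audit_daemon_config(text)
    for line in results or ["no weakening settings found"]:
        print(line)
```

After removing a flagged entry, the daemon has to be restarted before the change takes effect.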