Docker Community Forums

Share and learn in the Docker community.

Secure Registry but x509: certificate signed by unknown authority

docker

(Cristian Martínez) #1

Hello

I have a problem with my own registry.
I’ve create a docker service in my local net importing the certificate files following this steps https://docs.docker.com/registry/deploying/#run-the-registry-as-a-service

If I access to my registry via web browser to https://myregistry.com/v2/_catalog the page is secure, and I can see that my certificate is valid.

But if I try to pull or push an image in others docker, I get the error:
Failed to pull image “myregistry.com/image:tag”: rpc error: code = Unknown desc = Error response from daemon: Get https://myregistry.com/image:tag/v2/: x509: certificate signed by unknown authority

It works If I set insecure-registries in /etc/docker/daemon.json, but I think there is no neccesary because I have a valid certificate. Am I rigth?

Somebody have the same problem? Some ideas?

Thanks a lot.


(Hackebein) #2

i get the same problem some times. There is no interval, it’s random.

Get https://registry-1.docker.io/v2/: x509: certificate is valid for c809c96ddcf7bc559f265b1e68766f42.1d7da056499fbb18d969e9007cb7e7fd.traefik.default, not registry-1.docker.io

every time i get a wrong cert, i get a cert for “c809c96ddcf7bc559f265b1e68766f42.1d7da056499fbb18d969e9007cb7e7fd.traefik.default”


(Hackebein) #3

i’m limited to 2 links/post … sorry for the double post.

an other example:

Get https://auth.docker.io/token?account=hackebein&scope=repository%3Alibrary%2Falpine%3Apull&service=registry.docker.io: x509: certificate is valid for c809c96ddcf7bc559f265b1e68766f42.1d7da056499fbb18d969e9007cb7e7fd.traefik.default, not auth.docker.io


(Hackebein) #4

Some CI links through which I became aware of the problem. Both showing the problem by pulling an image.

https://drone.hackebein.de/Hackebein/docker-ts3server/27/35

https://drone.hackebein.de/Hackebein/docker-ts3server/26/32

there are more, …