Docker Community Forums

Share and learn in the Docker community.

[SOLVED]Cant connect to DTR throw "docker login"

Hi,

i have just reinstall docker dtr from the start and i can get to it throw the web
and it works fine but when i go to a worker machine and run :

docker login dtr.docker.ovm
Username :
Password:
Error response from daemon: Get https://dtr.docker.ovm/v1/users/: x509: certificate signed by unknown authority

because i had issues with this in the GUI before i reinstalled - but now the GUIworks and the login not
when i try to get to https://dtr.docker.ovm/v1/users/ i dont even have this url
i have https://dtr.docker.ovm/users/ which works fine.

Hey,

You just need to retrust the cert again. You can do something like:

  1. curl -k https://dtr.docker.ovm/ca > dtr.crt

  2. Copy that to /usr/local/share/ca-certificates

  3. Run sudo update-ca-certificates

That assumes you’re running Ubuntu, but the process for RHEL shouldn’t be much different. Hopefully that helps.

Hi,

thank you for responding.
im using Centos 7
i did step 1 and 2 on the worker machine but i dont have this command update-ca-certificates i ran update-ca-trust
instead but still :
Error response from daemon: Get https://dtr.docker.ovm/v1/users/: x509: certificate signed by unknown authority

and i dont have the file /usr/local/share/ca-certificates
i have
/usr/share/doc/ca-certificates-2015.2.6/
/usr/share/pki/ca-trust-legacy/
/etc/pki/ca-trust/source/

and i even created
/usr/local/share/ca-certificates/
but still.

There are actually some docs that explain things in more depth here. The short answer for CentOS is that you have to convert the certificate to a PEM file (using openssl), run update-ca-trust and then restart the docker daemon.

Thank you! i have solved it.

what i did :

  1. Exported the cert from DTR
    > curl -k https://dtr.docker.ovm/ca > dtr.crt
    2.moving the cert to /etc/pki/ca-trust/source/anchors/

  2. changing cert name to dtr hostname.cert - > dtr.docker.ovm.crt

  3. running this commands :
    export DOMAIN_NAME=dtr.docker.ovm

    openssl s_client -connect $DOMAIN_NAME:443 -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | sudo tee /etc/pki/ca-trust/source/anchors/$DOMAIN_NAME.crt

    update-ca-trust

    /bin/systemctl restart docker.service

and docker login worked!!!
Thanks.

1 Like

I think in your case you can even omit steps #1 to #3 and just run step #4. Really glad you got it working!