Docker Community Forums

Share and learn in the Docker community.

Spinning my wheels with DTR - Certificates and Remote Login

(Michael Wilde) #1
  • Installed DTR on the root of my domain… say “” (not the domain… but follow me).
  • Have the SSL certs installed and they are valid. How do i know. My browser says they are valid.
  • The DTR web interface works just fine.

Attempt to login to DTR from my laptop results in:

bash-3.2$ docker login
Username: admin
Error response from daemon: invalid registry endpoint unable to ping registry endpoint
v2 ping attempt failed with error: Get x509: certificate signed by unknown authority
 v1 ping attempt failed with error: Get x509: certificate signed by unknown authority. If this private registry supports only HTTP or HTTPS with an unknown CA certificate, please add `--insecure-registry` to the daemon's arguments. In the case of HTTPS, if you have access to the registry's CA certificate, no need for the flag; simply place the CA certificate at /etc/docker/certs.d/

So… thats odd, becuase GoDaddy is a known CA. So whatever, thats cool. I grab godaddy’s cert, stick in the /etc/docker/certs.d/ and call it “ca.crt”. I even run
openssl x509 -in ca.crt -text -noout
just to check. Totally valid. Even restarted DTR and the whole Docker service.

Still failure. Everything in Docker is easy or solveable. This isn’t… why? Any clue?

(Kevin Finley) #2

In the DTR admin, you have to have the intermediate certificate and certificate in the correct order.

You can check this by running “openssl s_client -connect < /dev/null | openssl x509 -text

Correct order is as follows:

Maa92tydhoetd … My certificate …
Mab3onNNdofd … Intermediate certificate …