How Do You Solve the Docker Error “x509 certificate signed by unknown authority”?

Problem scenario
When you run docker login from a client server, you are challenged for credentials.  After you enter the password and press Enter, you get this error:  "Error response from daemon: Get https://: x509: certificate signed by unknown authority"

You are not logged in to the Docker registry.  How do you get around this problem so you can log into the Docker registry?

Solution
Use one solution or the other.  Do not use both solutions!

Possible solution #1 (less secure method; good for when no one else has access to the Docker registry server and it is just for learning)
1.  On the client server back up /etc/default/docker (if it is an important server or if you are very concerned).  Then modify this file.

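Add this line to the file (but replace "FQDNofDockerRegistryServer" with the FQDN of the Docker registry server).  The --insecure-registry option makes Docker skip certificate verification for that registry, which is why this method is the less secure one: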

DOCKER_OPTS="--insecure-registry FQDNofDockerRegistryServer:443"

2.  Restart the Docker services on this client:

sudo service docker restart

3.  Now try docker login again.

Possible solution #2 (more secure method; preferable when you have access to the Docker registry server)
1.  On the client server back up /etc/ssl/certs/ca-certificates.crt

2.  Copy from the Docker registry server this file: /etc/ssl/certs/ca-certificates.crt

3.  On the client server, delete the /etc/ssl/certs/ca-certificates.crt file.  Put the copy from the Docker registry server on the client server in the same location and with the same name as the file you just deleted.  In other words, overwrite the original /etc/ssl/certs/ca-certificates.crt file on the client server with a copy from the Docker registry server.  After this step the client trusts the same set of certificate authorities as the registry server.

4.  Restart the Docker services on this client: sudo service docker restart

5.  Now try docker login again.
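
Steps 1 through 3 of solution #2 as a shell function, added here as an example and not part of the original post.  The function names count_pem_certs and replace_ca_bundle are made up for this example; the function refuses to install a file that contains no PEM certificates and prints the path of the backup it made.

```shell
# Added example: solution #2, steps 1-3, with a sanity check and a backup.
# Paths are arguments so it can be tried on scratch files first.

# count_pem_certs FILE: print the number of complete PEM certificate blocks.
count_pem_certs() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /^-----END CERTIFICATE-----/   { if (inside) n++; inside = 0 }
        END { print n + 0 }
    ' "$1"
}

# replace_ca_bundle NEW_BUNDLE TARGET
# Prints the backup path on success.
# Returns 1 on bad arguments, 2 if NEW_BUNDLE holds no certificates,
# 3 if the backup or the replacement fails.
replace_ca_bundle() {
    new="$1"; target="$2"
    [ -r "$new" ] && [ -f "$target" ] || return 1

    # Refuse a truncated or non-PEM copy before touching the trust store.
    [ "$(count_pem_certs "$new")" -gt 0 ] || return 2

    # Step 1: keep the original so the change can be undone.
    backup="${target}.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$target" "$backup" || return 3

    # Steps 2-3: write next to the target, then rename over it, so the
    # bundle is never left half-written.
    tmp="$(mktemp "${target}.XXXXXX")" || return 3
    # Mode 644 is an assumption (the bundle must stay readable by non-root).
    if cat "$new" > "$tmp" && chmod 644 "$tmp" && mv -f "$tmp" "$target"; then
        printf '%s\n' "$backup"
    else
        rm -f "$tmp"
        return 3
    fi
}
```

Run it as root with the copied file as the first argument and /etc/ssl/certs/ca-certificates.crt as the second, then continue with step 4.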
