Rich Megginson (richmegginson) wrote,
Rich Megginson
richmegginson

How to fix docker when it cannot pull due to "x509: certificate signed by unknown authority"

I've been having this problem on Fedora 23 with docker 1.9.1 build ee06d03/1.9.1.  When I would use docker pull, it would give me a cert error:
 # docker pull some/image:tag
 Trying to pull repository docker.io/some/image ... failed
 Error while pulling image: Get https://index.docker.io/v1/repositories/some/image/images: x509: certificate signed by unknown authority
Not sure why docker can't just use the system cert bundle. Looking at the code: https://github.com/docker/docker/blob/1061c56a5fc126a76344ea9dca9aa5f5e75eb902/registry/registry.go#L102 docker looks for /etc/docker/certs.d/$hostname and looks for a CA cert bundle in that directory. So I just did this:
 # cd /etc/docker/certs.d
 mkdir docker.io
 cd docker.io
 ln -s /etc/pki/tls/certs/ca-bundle.crt
 ln -s /etc/pki/tls/certs/ca-bundle.trust.crt
 systemctl restart docker
Now docker pull works fine for the Dockerhub repo.
Tags: certificates, docker, x509
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments