fix "docker pull" certificate signed by unknown authority
preface
To use a local repository with Docker, you need to create the repository first. Docker relies on certificates during this process, and if the local repository’s certificates aren’t trusted, Docker will produce an error about the untrusted repository. This occurs because Docker doesn’t recognize the self-signed certificates of your local repository as trustworthy. To fix this, you need to ensure that the certificates used by your local repository are properly configured and trusted by Docker. This might involve adding the certificate to Docker’s trusted certificate list or correctly setting up the repository’s SSL configuration. Doing this will prevent the untrusted repository error and facilitate smooth interaction between Docker and your local repository.
This post originates from my highest-rated answer on Stack Overflow.
steps
There are two main in my opinion possible solutions which can help you
First solution, works without demon restart
- first create an empty json file
cat << _EOF > /etc/docker/daemon.json
{ }
_EOF
- than run the following to add certs
export registry_address="local.repo.com" # adjust to your needs
export registry_port="5000" # adjust to your needs
openssl s_client -showcerts -connect ${registry_address}:${registry_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /etc/docker/certs.d/${registry_address}/ca.crt
Second solution, importing certificate to system
- save the certificate to the file
- ❗ the port is crucial, no need for the protocol ❗
export registry_address="local.repo.com" # adjust to your needs
export registry_port="5000" # adjust to your needs
openssl s_client -showcerts -connect ${registry_address}:${registry_port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ca.crt
- copy extracted certificate to /usr/local/share/ca-certificates/
sudo cp ca.crt /usr/local/share/ca-certificates/
- update system-wide certificates
sudo update-ca-certificates
- restart docker !
sudo systemctl restart docker
# or for non-systemd environments
sudo service docker restart