How To Fix The Docker Error x509?

This is a common docker error when trying to log into their docker registry and the error looks like “x509: certificate signed by unknown authority”.

Our Technical team are available to fix all the issues related to Docker and Docker Management.

Cause of this Issue :

This error happens when you are using a self-signed certificate for your docker registry instead of the certificate issued by the trusted certificate authority (CA). Then the docker daemon will not trust your self-signed certificate and it will lead to the x509 error.

Diagnose the Issue :

You can recreate the issue by trying to log into the docker using the below command ;

docker login <docker_registry_host>:<docker_registry_port> -u user -p password 

Eg :

docker login skynats.com:5666 -u admin -p [email protected]

In case of this certificate issue you will get the below error ;

Error response from daemon : Get https://skynats.com:5666/v2/: x509 certificate signed by unknown authority

To Resolve the Issue :

We can make the docker trust the self-signed certificate by copying the self-signed certificate to the “/etc/docker/certs.d/<docker_registry_hostname>:<docker_registry_host_port>/ca.crt” on the machine where you are trying to run the docker login command.

You can follow the below steps to solve this issue ;

1. Create the following directory on the server from which you are trying to run the docker login command.

mkdir -p /etc/docker/certs.d/<dcoker_registry_host>:<docker_registry_host_port>

2. Copy your Docker registry certificate file from your docker registry host to the cluster where you are running docker login.

You should rename your registry certificate file to “/etc/docker/certs.d/<docker_registry_host>:<docker_registry_host_port>/ca.crt”

scp <your_registry_hostname>:/opt/registry/certs/domain.crt /etc/docker/certs.d/<docker_registry_host>:<docker_registry_host_port>/ca.crt

For example ;

mkdir -p /etc/docker/certs.d/skynats.com:5666

scp skynats.com:/opt/registry/certs/domain.crt /etc/docker/certs.d/skynats.com:5666/ca.crt

3. Then you can try to login into your docker registry again.

If you need any further assistance related to Docker our technical team will help you at any time. Contact Us right now

FREE SERVER AUDITING

Get Auditing Report of Your Server for FREE!!