Error response from daemon: Get https://index.docker.io/v1/…: x509: certificate signed by unknown authority


Error response from daemon: Get https://index.docker.io/v1/…: x509: certificate signed by unknown authority

You have probably seen similar errors as above when trying to access dockerhub registry behind a corp proxy. I have the same issue here. And I think the issue may be caused by two reasons:
1) index.docker.io now is redirected to registry.hub.docker.com
2) Your corp proxy is the terminating point of the https traffic from external docker repo. It uses organization’s internal certificate to encrypt the https traffics between itself and your machines.

Here is how I make it work:

For docker on Linux, add the following entries into /etc/default/docker (Ubuntu), /etc/sysconfig/docker (Fedora/RHEL/CentOS). Then restart the docker service.

Note: exclude DOCKER_OPTS=”–insecure-registry <registry.my.domain.local>”
NO_PROXY=”<.my.domain.local>” if you don’t have a private registry.

DOCKER_OPTS="--insecure-registry <registry.my.domain.local>"
NO_PROXY="<.my.domain.local>"
HTTP_PROXY="http://<my_proxy:port>/"
HTTPS_PROXY="http://<my_proxy:port>/"
MIRROR_SOURCE="https://registry.hub.docker.com"
MIRROR_SOURCE_INDEX="https://registry.hub.docker.com"

Selection_105.png

For docker toolbox on Windows, create your VM with the following command. Then use ‘registry.hub.docker.com’ as your registry name. e.g docker pull registry.hub.docker.com/centos.

Note: exclude –engine-env NO_PROXY=”<.my.domain.local>”, –engine-insecure-registry=”<registry.my.domain.local>” if you don’t have a private registry.

docker-machine.exe create -d virtualbox \
--engine-env HTTP_PROXY="http://<my_proxy:port>" \
--engine-env HTTPS_PROXY="http://<my_proxy:port>" \
--engine-env NO_PROXY="<.my.domain.local>" \
--engine-insecure-registry="<registry.my.domain.local>" \
--engine-insecure-registry="registry.hub.docker.com" \
mytestbox

docker_on_windows.png

Advertisements

2 thoughts on “Error response from daemon: Get https://index.docker.io/v1/…: x509: certificate signed by unknown authority

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s