docker login error x509 certificate signed by unknown authority

NOTE: This is a solution that has been tested to work on Ubuntu Server 20.04.3 LTS.  It's likely to work on other Debian-based OSs

Attempting to perform a docker login to a repository which has a TLS certificate signed by a non-world certificate authority (e.g. an internal corporate CA), you may get Error response from daemon: Get <url> x509: certificate signed by unknown authority:-

stuart@docker:~$ docker login docker.acme-corp.local
Username: stuart
Password:
Error response from daemon: Get "https://docker.acme-corp.local/v2/": x509: certificate signed by unknown authority

Solution

  1. Add the root CA certificate (in PEM format) to /usr/local/share/ca-certificates (i.e. /usr/loca/share/ca-certificates/acme-corp-root-ca.cer)
  2. Run update-ca-certificates
    stuart@docker:~$ sudo update-ca-certificates
    Updating certificates in /etc/ssl/certs...
    1 added, 0 removed; done.
    Running hooks in /etc/ca-certificates/update.d...
    done.
    
  3. Restart docker daemon
    stuart@docker:~$ sudo systemctl restart docker
    

The docker login command will now work

Show Comments