I'm hitting the following error when trying to pull the elastcisearch images from dockerhub.
docker-compose pull
Pulling elasticsearch (elasticsearch:2.2.0)...
Pulling repository docker.io/library/elasticsearch
ERROR: Error while pulling image: Get https://index.docker.io/v1/repositories/library/elasticsearch/images: x509: certificate signed by unknown authority
Failed to run with docker-compose
My company has an Intermediate Root CA that I suspect is causing the problem. Any ideas how I should configure Docker to use the company Root CA?
I resolved the problem by adding the CA root .crt file the following directory: /etc/docker/certs.d/docker.io
Steps to resolve on Unbuntu 14:04 with Docker version 1.10.0, build 590d5108 and docker-compose version 1.6.0, build d99cad6:
- In Internet Explorer browse to docker.io/library/elasticsearch and export the companies Intermediate Root CA cert using
DER format
- On Ubuntu
mkdir -p /etc/docker/certs.d/docker.io/
cp <cert from step one>.crt /etc/docker/certs.d/docker.io/service docker restartdocker-compose pull now works and elasticsearch image downloads
More info here: https://docs.docker.com/engine/security/certificates/
On native docker (I'm on a mac), this can be resolved by adding to the insecure registries configuration.
Preferences > Advanced > Insecure Registries
this might happen on local or user registries that might not have root CA signed certificates (these might be self singed). You can use the following steps use these registries:
sudo systemctl edit docker.service
add the registry like this:
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd <some params...> --insecure-registry <your registry here> <other params...>
- Save the file.
- Reload the configuration with
sudo systemctl daemon-reload
- Restart Docker with
sudo systemctl restart docker.service
