On native docker (I'm on a mac), this can be resolved by adding to the insecure registries configuration. Preferences > Advanced > Insecure Registries

this might happen on local or user registries that might not have root CA signed certificates (these might be self singed). You can use the following steps use these registries:

1. sudo systemctl edit docker.service

2. add the registry like this:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd <some params...> --insecure-registry <your registry here> <other params...>

3. Save the file.
4. Reload the configuration with sudo systemctl daemon-reload
5. Restart Docker with sudo systemctl restart docker.service

I resolved the problem by adding the CA root .crt file the following directory: /etc/docker/certs.d/docker.io

Steps to resolve on Unbuntu 14:04 with Docker version 1.10.0, build 590d5108 and docker-compose version 1.6.0, build d99cad6:

• In Internet Explorer browse to docker.io/library/elasticsearch and export the companies Intermediate Root CA cert using DER format
• On Ubuntu mkdir -p /etc/docker/certs.d/docker.io/
• cp <cert from step one>.crt /etc/docker/certs.d/docker.io/
• service docker restart
• docker-compose pull now works and elasticsearch image downloads

More info here: https://docs.docker.com/engine/security/certificates/

1. Export the SSL certificate using Firefox.
   • Hit the URL in Firefox
   • Click on advanced, if you see warning or the lock on the URL bar.
   • Export the certificate(In Details tab)
   • Let's assume the cert file name is your.ssl.server.name.crt
2. Copy CA cert to /usr/local/share/ca-certificates.
3. sudo update-ca-certificates
4. sudo service docker restart