If there is no trusted docker error certificate authority enabled such as the default self-signed certificate generated by DTR or if the certificate was not provided during installation
The first step to fixing the issue is to restart Docker so that it can detect changes in the OS certificates. Docker also has an additional location that we can use to trust an individual registry server's CA. The CA certificate needs to be placed in
/etc/docker/certs.d/<docker registry>/ca.crt
If we need to include the port number, we need to specify that in the image tag, e.g.:
/etc/docker/certs.d/my-registry.example.com:5000/ca.crt
If the above solution does not fix the issue, the following steps need to be carried out –
1: Create a file /etc/docker/daemon.json and add insecure-registries
{
  "insecure-registries" : ["docker.domain.com:443"]
}
2: Restart the docker daemon by executing the command
systemctl restart docker
3: Create a directory with the same name as the host
mkdir -p /etc/docker/certs.d/docker.domain.com
4: Save the certificate in the newly created directory
ex +'/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect docker.domain.com:443) -scq > /etc/docker/certs.d/docker.domain.com/docker_registry.crt
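The certificate steps above as a small script that works out the certs.d directory from the registry address and keeps only the PEM blocks of the s_client output. This is an added example, not part of the original article; the function names and the sample s_client output are constructed, and the chain is saved under the ca.crt name mentioned earlier.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are illustrative.

# certs.d directory for a registry address or image reference; the directory
# name is host[:port], exactly as written in the image tag.
registry_cert_dir() {
    local ref="${1#*://}"                           # drop a pasted-in scheme
    printf '/etc/docker/certs.d/%s\n' "${ref%%/*}"  # keep host[:port] only
}

# Keep only the PEM blocks from `openssl s_client -showcerts` output.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ {keep = 1}
         keep {print}
         /-----END CERTIFICATE-----/ {keep = 0}'
}

# Number of certificates in a PEM stream on stdin.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ {n++} END {print n + 0}'
}

# Fetch the chain the registry presents and store it as ca.crt (run as root).
# This is trust on first use: compare the printed SHA-256 fingerprint (of the
# first certificate) with one obtained from the registry administrator.
install_registry_ca() {
    local registry="$1" target dir
    case "$registry" in *:*) target="$registry" ;; *) target="$registry:443" ;; esac
    dir="$(registry_cert_dir "$registry")"
    mkdir -p "$dir"
    openssl s_client -showcerts -connect "$target" </dev/null 2>/dev/null |
        extract_pem > "$dir/ca.crt"
    [ "$(count_certs < "$dir/ca.crt")" -gt 0 ] || { echo "no certificate" >&2; return 1; }
    openssl x509 -in "$dir/ca.crt" -noout -subject -fingerprint -sha256
}

# Constructed sample of s_client output; certificate bodies are placeholders.
sample_s_client_output() {
cat <<'EOF'
 0 s:CN = docker.domain.com
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
 1 s:CN = Example Internal CA
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
---
EOF
}
```

Once the CA file is in place and Docker has been restarted, the registry no longer needs to be listed under insecure-registries, which turns off certificate verification for that registry.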