x509: certificate signed by unknown authority – both with docker and with github

docker build -t oreng/iojs .

INFO[0000] Get https://index.docker.io/v1/repositories/library/iojs/images: x509: certificate signed by unknown authority. 

my Dockerfile is

  • How to specify an iterator in the volume path when using docker-compose to scale up service?
  • Extend Existing Docker Image
  • Laravel 5 is not reading mysql connection (docker) ubuntu
  • How to take Oracle-xe-11g backup from running Docker container
  • debug spring-boot in docker
  • Plotting R objects within docker container
  • FROM iojs:latest
    RUN useradd -ms /bin/bash developer
    WORKDIR /home/developer
    USER developer
    

    Also hub create (using https://github.com/github/hub)

    Post https://api.github.com/user/repos: x509: certificate signed by unknown authority 
    

  • ERR_TOO_MANY_REDIRECTS in backoffice when running Prestashop in Docker
  • Resolving env inside another env
  • Jenkins pipeline: docker.withServer(…) does not execute docker commands on remote server
  • Can't connect to Express server inside Docker container created with docker-compose
  • how to run Docker in Travis hosted in travis-ci.com
  • Docker build tag repository name
  • 2 Solutions collect form web for “x509: certificate signed by unknown authority – both with docker and with github”

    As mentioned in crypto/x509/root_unix.go, Go (which is what Docker uses) will check CA certificates in

    "/etc/ssl/certs/ca-certificates.crt",     // Debian/Ubuntu/Gentoo etc.
    "/etc/pki/tls/certs/ca-bundle.crt",       // Fedora/RHEL
    "/etc/ssl/ca-bundle.pem",                 // OpenSUSE
    "/etc/ssl/cert.pem",                      // OpenBSD
    "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly
    "/etc/pki/tls/cacert.pem",                // OpenELEC
    "/etc/certs/ca-certificates.crt",         // Solaris 11.2+
    

    Make sure those files are available and not corrupted.

    There can be also sporadic issue with the CDN, as in this comment:

    because now it works :+1: . It must be a amazon edge isssue

    The last thread also includes the following check:

    The user reporting the issue either has non of those files or those files don’t include the rapidssl cert.
    We could ask them to send us those files and check if the certificate is included.
    The user may also try this:

    openssl s_client -showcerts -verify 32 -connect index.docker.io:443
    

    If that fails, the certificates are missing.

    Regarding GitHub, be aware it is under a massive DDoS attack at the moment, which could have other side-effects beside the certificate issue.

    In Ubuntu 16.04 , should work with other versions as well

    Create/copy .crt under /usr/local/share/ca-certificates;

    sudo cp installaiton/certificates/docker-registry.crt 
     /usr/local/share/ca-certificates
    

    And then run

    sudo update-ca-certificates
    

    This will add the certificate under “/etc/ssl/certs/ca-certificates.crt”
    and then restart docker

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    
    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.