x509: certificate signed by unknown authority – both with docker and with github
docker build -t oreng/iojs .
INFO Get https://index.docker.io/v1/repositories/library/iojs/images: x509: certificate signed by unknown authority.
my Dockerfile is
FROM iojs:latest RUN useradd -ms /bin/bash developer WORKDIR /home/developer USER developer
hub create (using https://github.com/github/hub)
Post https://api.github.com/user/repos: x509: certificate signed by unknown authority
2 Solutions collect form web for “x509: certificate signed by unknown authority – both with docker and with github”
As mentioned in
crypto/x509/root_unix.go, Go (which is what Docker uses) will check CA certificates in
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL "/etc/ssl/ca-bundle.pem", // OpenSUSE "/etc/ssl/cert.pem", // OpenBSD "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly "/etc/pki/tls/cacert.pem", // OpenELEC "/etc/certs/ca-certificates.crt", // Solaris 11.2+
Make sure those files are available and not corrupted.
There can be also sporadic issue with the CDN, as in this comment:
because now it works :+1: . It must be a amazon edge isssue
The last thread also includes the following check:
The user reporting the issue either has non of those files or those files don’t include the
We could ask them to send us those files and check if the certificate is included.
The user may also try this:
openssl s_client -showcerts -verify 32 -connect index.docker.io:443
If that fails, the certificates are missing.
Regarding GitHub, be aware it is under a massive DDoS attack at the moment, which could have other side-effects beside the certificate issue.
In Ubuntu 16.04 , should work with other versions as well
Create/copy .crt under /usr/local/share/ca-certificates;
sudo cp installaiton/certificates/docker-registry.crt /usr/local/share/ca-certificates
And then run
This will add the certificate under “/etc/ssl/certs/ca-certificates.crt”
and then restart docker
sudo systemctl daemon-reload sudo systemctl restart docker