compose icon indicating copy to clipboard operation
compose copied to clipboard
verified publisher icon docker

x509: certificate signed by unknown authority

Open ruckc opened this issue 3 years ago • 0 comments

Description

Can't pull images with docker-compose pull due to x509: certificate signed by unknown authority with images from a private repository.

Steps to reproduce the issue:

  1. docker compose pull

Describe the results you received:

failed to solve: rpc error: code = Unknown desc = failed to solve with somecontainer dockerfile.v0: failed to create LLB definition: failed to do request: Head "https://artifactory.example.com/v2/registry/image/manifests/latest": x509: certificate signed by unknown authority

Describe the results you expected:

Docker compose to pull the images

Additional information you deem important (e.g. issue happens only occasionally):

I have successfully done docker login to the registry. docker pull <image> works without issue. It is only docker-compose that has the error pulling. We placed the ca.crt in the OS certificate store (/usr/local/share/ca-certificates) and in /etc/docker/certs.d. The OS certificate store is validated known good by testing with curl. The docker/certs.d/artifactory.example.com/ca.crt made docker pull work properly.

Output of docker compose version:

Docker Compose version v2.10.0

Output of docker info:

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  app: Docker App (Docker Inc., v0.9.1-beta3)
  buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
  scan: Docker Scan (Docker Inc., v0.17.0)

Server:
 Containers: 0
  Running: 0
  Paused: 0
  Stopped: 0
 Images: 1
 Server Version: 20.10.17
 Storage Driver: zfs
  Zpool: rpool
  Zpool Health: ONLINE
  Parent Dataset: rpool/ROOT/ubuntu_4q98aw/var/lib
  Space Used By Parent: 7186706432
  Space Available: 630624206848
  Parent Quota: no
  Compression: lz4
 Logging Driver: json-file
 Cgroup Driver: systemd
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 0197261a30bf81f1ee8e6a4dd2dea0ef95d67ccb
 runc version: v1.1.3-0-g6724737
 init version: de40ad0
 Security Options:
  apparmor
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.0-46-generic
 Operating System: Ubuntu 22.04.1 LTS
 OSType: linux
 Architecture: x86_64
 CPUs: 8
 Total Memory: 15.34GiB
 Name: d0034
 ID: NWL6:YS32:PRGB:2CNJ:I7D2:2OA2:7VVS:KCHW:KBFR:L2PL:NXIQ:DZV6
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false

Additional environment details:

ruckc avatar Aug 24 '22 12:08 ruckc