x509: certificate signed by unknown authority push to local registry

Behaviour

Steps to reproduce this issue

Create GitHub Action CI to log in to a local self-hosted Docker registry running a container with SSL and user authentication. Build images and push to the local registry. Only docker/build-push-action@v2 complains about x509 unknown authority, while it works when pushing directly with the docker push command.

      - name: Copy cert to trust local registry
        shell: bash
        run: ./cert.sh

      - name: Login to self-hosted registry
        uses: docker/login-action@v1 
        with:
          registry: a00.fritz.box
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: Build image
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64,linux/arm64
          push: true
          load: false
          no-cache: false
          tags: a00.fritz.box/alpine-dummy:master

# Make sure local registry container with cert is configured as described on: https://docs.docker.com/registry/deploying/

# Run act https://github.com/nektos/act
$ act -s DOCKER_USERNAME=username -s DOCKER_TOKEN=password

cert.sh

#!/bin/bash

# Workaround script to copy cert to container as described on: https://docs.docker.com/registry/insecure/
# Instruct every Docker daemon to trust that certificate. The way to do this depends on your OS.

# Create the per-registry trust directories (root-owned, hence sudo)
sudo mkdir -p /etc/docker/certs.d/a00.fritz.box
sudo mkdir -p /etc/docker/certs.d/a00.fritz.box:5000

# Docker daemon trust store
sudo cp ca.crt /etc/docker/certs.d/a00.fritz.box/ca.crt
sudo cp ca.crt /etc/docker/certs.d/a00.fritz.box:5000/ca.crt
# System trust store
sudo cp ca.crt /usr/local/share/ca-certificates/a00.fritz.box.crt
sudo cp ca.crt /usr/local/share/ca-certificates/a00.fritz.box:5000.crt
cat /etc/docker/certs.d/a00.fritz.box:5000/ca.crt
sudo update-ca-certificates

Output

| #6 pushing layers 0.0s done
| #6 ERROR: failed to do request: Head "https://a00.fritz.box/v2/alpine-dummy/blobs/sha256:1fb7c5c6c72df48c396ed61d2928a3dc0b5b936d9f1634d63071d0c0a3c488fa": x509: certificate signed by unknown authority
| ------
|  > exporting to image:
| ------
| error: failed to solve: failed to do request: Head "https://a00.fritz.box/v2/alpine-dummy/blobs/sha256:1fb7c5c6c72df48c396ed61d2928a3dc0b5b936d9f1634d63071d0c0a3c488fa": x509: certificate signed by unknown authority
[CI/Build image]   ❗  ::error::buildx failed with: error: failed to solve: failed to do request: Head "https://a00.fritz.box/v2/alpine-dummy/blobs/sha256:1fb7c5c6c72df48c396ed61d2928a3dc0b5b936d9f1634d63071d0c0a3c488fa": x509: certificate signed by unknown authority
[CI/Build image]   ❌  Failure - Build image
Error: exit with `FAILURE`: 1

Expected behaviour

Identical behavior which works without complaining about the certificate:

      - name: Publish to local registry
        run: |
          docker login a00.fritz.box
          docker push a00.fritz.box/alpine-dummy:master
          # All success!

name: CI
on:
  push:
    branches:
      - master

jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1

      - name: Copy cert to trust local registry
        shell: bash
        run: ./cert.sh

      - name: Login to self-hosted registry
        uses: docker/login-action@v1 
        with:
          registry: a00.fritz.box
          username: testuser # ${{ secrets.DOCKER_USERNAME }}
          password: testpassword # ${{ secrets.DOCKER_TOKEN }}

      - name: Build image
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: .
          file: Dockerfile
          platforms: linux/amd64 #,linux/arm64
          push: true
          load: false
          no-cache: false
          tags: a00.fritz.box/alpine-dummy:master

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Reactions: 2
  • Comments: 6 (2 by maintainers)

Top GitHub Comments

TomaszKlosinski commented, Nov 23, 2021

@crazy-max, is there a particular version of the action that I need to use to make it work?

I’m still having this issue with my workflow:

    runs-on: [ self-hosted, ubuntu-18.04 ]
    steps:
      - name: Check out repo
        uses: actions/checkout@v2
      
      - name: Set up Docker Buildx
        id: buildx_frontend
        uses: docker/setup-buildx-action@v1
      
      - name: Cache Docker layers
        uses: actions/cache@v2
        with:
          path: /tmp/.buildx-frontend-cache
          key: ${{ runner.os }}-buildx-frontend-${{ github.sha }}
          restore-keys: |
            ${{ runner.os }}-buildx-frontend-
      
      - name: Build Test Image
        uses: docker/build-push-action@v2
        with:
          context: ./frontend
          file: ./frontend/Dockerfile.dev
          builder: ${{ steps.buildx_frontend.outputs.name }}
          push: false
          load: true
          tags: banana-frontend-test:latest
          cache-from: type=local,src=/tmp/.buildx-frontend-cache
          cache-to: type=local,dest=/tmp/.buildx-frontend-cache-new
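
Added example, not part of the original issue or the actions' own documentation: `docker push` goes through the Docker daemon, which reads `/etc/docker/certs.d`, while the builder created by `docker/setup-buildx-action` (default `docker-container` driver) pushes from inside a BuildKit container that has its own registry trust configuration. One way to hand that builder the CA is a BuildKit config file passed through the action's `config` input. Assumptions: `ca.crt` sits in the repository root as in `cert.sh`, `/tmp/buildkitd.toml` is an arbitrary path, and the buildx version in use copies certificate files referenced in the config into the builder container.

```yaml
      # Replaces the plain "Set up Docker Buildx" step and runs before the build step.
      - name: Write BuildKit registry config
        shell: bash
        run: |
          # Assumption: ca.crt is the CA that signed the registry certificate,
          # checked out at the repository root.
          # Keep TLS verification on: add the CA instead of setting
          # `insecure = true` or `http = true` for this registry.
          cat > /tmp/buildkitd.toml <<EOF
          [registry."a00.fritz.box"]
            ca = ["${GITHUB_WORKSPACE}/ca.crt"]
          EOF
          cat /tmp/buildkitd.toml

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1
        with:
          # BuildKit config file used when the builder is created
          config: /tmp/buildkitd.toml
```

The registry key in the TOML table must match the host as it appears in the image tag; a registry addressed as `a00.fritz.box:5000` needs its own `[registry."a00.fritz.box:5000"]` entry.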