R
R
Ruslan2019-11-25 13:58:42
ubuntu
Ruslan, 2019-11-25 13:58:42

How to add Root CA from latsencrypt.org to ubuntu so that docker pull can download it from its own image registry?

Hello!
Please tell me how to solve the following problem:
When trying to download an image from the native docker image registry using the docker pull command, an error occurs: "x509: certificate signed by unknown authority"
Registry is configured to use ssl, using a certificate obtained from LetsEncrypt
Windows this certificate defines as valid, docker desktop on windows downloads images from this registry without any problems.
How does docker in ubuntu check the validity of ssl: itself or does it use some third-party tools for this, for example, the tools provided by ububntu?
What tools does my ubuntu specifically use: native or third-party?
How to determine which root certificates docker will trust?
How to add a new certificate to the list of trusted certificates in ubuntu so that docker will start trusting the certificates used by the docker image registry?
I am not an expert in ubuntu administration.
I tried many methods, but the error still repeats. please give more methods.
Thank you.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
R
Ruslan, 2019-11-25
@Razbezhkin

The solution turned out to be this:
in the /etc/docker/certs.d folder, create a folder with the same name as the image repository host name (for example, my-https.registry.example.com) and copy the public key certificates received from LetsEncrypt into it, this usually certificate.crt and ca_bundle.crt files
This is written in the documentation https://docs.docker.com/engine/security/certificates/
Many thanks to all who responded!

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question