Docker private registry Error: certificate signed by unknown authority

Docker supports private registries and there are a few writeups on how to setup a private Docker registry.

You can switch docker to use your local registry with the “docker login” command:

docker login -u httpuser -p httppassword -e randomemail@address

Since you run a private registry you most likely use a self-signed certificate. Docker insists on checking your certificate against a Certificate Authority.

If you are used to OpenSSL and put your CA certificate in /etc/ssl/certs and created a hash link and it still doesn’t work, here is the solution:

Docker is written in go, go looks up the CA certificates in the following files:


Go crypto source reference

You have to attach your CA cert to one of those files as well.

H/T to Jérôme Petazzoni

Leave a Comment