docker toolbox on windows then docker run hello-world gets x509: certificate signed by unknown authority

Question

Tried many of the examples but none work for me.

My Docker version:

C:\>docker version
Client:
 Version:      1.12.2
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   bb80604
 Built:        Tue Oct 11 17:00:50 2016
 OS/Arch:      windows/amd64
Server:
 Version:      1.12.3
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   6b644ec
 Built:        Wed Oct 26 23:26:11 2016
 OS/Arch:      linux/amd64

I did copy the certs (*.pem) to the /etc/docker/certs.d location but no effect.

docker@default:~$ l /etc/docker/certs.d/
total 24
drwxr-xr-x    2 root     root          4096 Nov 30 17:59 ./
drwxr-xr-x    3 root     root          4096 Nov 30 17:16 ../
-rwxr-xr-x    1 root     root          1679 Nov 30 17:59 ca-key.pem
-rwxr-xr-x    1 root     root          1038 Nov 30 17:59 ca.pem
-rwxr-xr-x    1 root     root          1078 Nov 30 17:59 cert.pem
-rwxr-xr-x    1 root     root          1675 Nov 30 17:59 key.pem

The certs are the ones that are generated when creating the vm.

Appreciate you help on this. Spent a day trying how to solve this.

Message is generated when running docker run hello-world Log is from docker.log located in /var/lib/boot2docker/

time="2016-11-30T18:25:14.233037149Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3 )"
time="2016-11-30T18:25:14.233712555Z" level=error msg="Handler for POST /v1.24/containers/create returned error: No such image: hello-world:latest"
time="2016-11-30T18:25:14.244589790Z" level=debug msg="Calling GET /v1.24/info"
time="2016-11-30T18:25:14.244626594Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.249913910Z" level=debug msg="Calling POST /v1.24/images/create?fromImage=hello-world&tag=latest"
time="2016-11-30T18:25:14.249943955Z" level=debug msg="Client and server don't have the same version (client: 1.12.2, server: 1.12.3)"
time="2016-11-30T18:25:14.250041478Z" level=debug msg="Trying to pull hello-world from https://registry-1.docker.io v2"
time="2016-11-30T18:25:14.327535482Z" level=warning msg="Error getting v2 registry: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327561850Z" level=error msg="Attempting next endpoint for pull after error: Get https://registry-1.docker.io/v2/: x509: certificate signed by unknown authority"
time="2016-11-30T18:25:14.327574917Z" level=debug msg="Trying to pull hello-world from https://index.docker.io v1"
time="2016-11-30T18:25:14.327587833Z" level=debug msg="hostDir: /etc/docker/certs.d/docker.io"
time="2016-11-30T18:25:14.327858818Z" level=debug msg="[registry] Calling GET https://index.docker.io/v1/repositories/library/hello-world/images"
time="2016-11-30T18:25:14.501831878Z" level=error msg="Not continuing with pull after error: Error while pulling image: Get https://index.docker.io/v1/repositories/library/hello-world/images: x509: certificate signed by unknown authority"

Answer 1

you may be behind a proxy. Try this sudo vi /var/lib/boot2docker/profile

at the end of the profile file add the following

# replace with your office's proxy environment
export "HTTP_PROXY=http://PROXY:PORT"
export "HTTPS_PROXY=http://PROXY:PORT"
# you can add more no_proxy with your environment. 
export "NO_PROXY=192.168.99.*,*.local,169.254/16,*.example.com,192.168.59.*"

then restart boot2docker

The above steps worked for me. I am on windows.

Answer 2

Turns out we are behind a proxy, however those settings would not work with our proxy system of Zscalar. Zscalar interjects its own certificates and event adding those certificates to the Docker's setup would not work. Zscalar does have a SSL bypass setting that exempts a given URL this SSL treatment.

For Docker you must use the URLs of .docker.io and .cloudfront.net