Hi,
I'm using Bitbucket Pipelines and trying to configure a step to authenticate to my private registry, which is deployed with a self-signed certificate,
but the following command returns: "x509: certificate signed by unknown authority"
docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD registry.my-company.com
On a normal Linux-based build environment, I normally use the method described there to specify my certificate authority: Docker registry - use self signed certificates, which is:
cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt
update-ca-certificates
But with Bitbucket Pipelines I did not find a way to interact with the Docker daemon to tell it to use my certificate authority, as it is started in a separate instance.
How can I tell the Docker daemon to trust my certificate?
Here is my basic bitbucket-pipelines configuration file :
image: atlassian/default-image:1
pipelines:
  default:
    - step:
        services:
          - docker
        script:
          - docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD registry.my-company.com
Thank you for your kind help :)
Hi Marc-Antoine,
have you found any workaround for that? Did you solve this issue somehow?
Hi,
Pipelines provides no mechanism for restarting the Docker daemon. You're going to need to figure out a workaround that doesn't need to do this. Which the Docker documentation suggests there aren't any.
I'd suggest opening a ticket here to track being able to interact with the Docker daemon: https://bitbucket.org/site/master/issues/new
Unfortunately I can't think of any more specific guidance here.
Thanks,
Phil
Hi Phil,
Thank you for taking the time to answer!
You confirmed my thought about the docker daemon.
Knowing that, as a workaround I am thinking of redeploying a Docker repository proxy with a Let's Encrypt certificate, following this kind of procedure.
That way I just need to change my repository proxy, not the repository itself, which stays private.
I will let you know if it works.
Thanks.
Hello,
I am also getting the same error "x509: certificate signed by unknown authority" when I try to connect to my Harbor registry from a Bitbucket pipeline script.
Please let me know if there is any way to resolve this issue.
script:
  - docker login --username $HARBOR_USERNAME --password $HARBOR_PASSWORD registry.my-company.com
Thanks,
Koushik
I found a solution and thought it might be helpful for someone else who runs across this thread. You can add a CA to java inside the runner using this command:
You can configure the insecure registry option in the Docker daemon. https://support.atlassian.com.rproxy.goskope.com/bitbucket-cloud/docs/pipelines-runners-frequently-asked-questions/
If you are using a self hosted runner (currently in beta) you can resolve this simply by installing the required certificates on the host on which your runner runs.
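What installing the certificate on a self-hosted runner host can look like, as an added example that is not part of the original thread: a shell helper that checks the file is a parseable, unexpired certificate and places it in Docker's per-registry trust directory. The function name, its `certs_root` parameter and the file name in the usage comment are assumptions; `registry.my-company.com` is the hostname from the question.

```shell
# Added example (hypothetical helper, not from the thread or from Atlassian/Docker).
# Docker on Linux reads per-registry trust anchors from
#   /etc/docker/certs.d/<host[:port]>/ca.crt
# and picks them up without a daemon restart.
#
# Usage on the runner host (as root):
#   install_registry_ca certs/domain.crt registry.my-company.com
# The third argument overrides the trust root so the helper can be tried in a scratch dir.
install_registry_ca() {
    irc_pem="$1"
    irc_registry="$2"
    irc_root="${3:-/etc/docker/certs.d}"

    [ -r "$irc_pem" ] || { echo "cannot read $irc_pem" >&2; return 2; }

    # The registry name becomes a directory name: accept only host[:port].
    case "$irc_registry" in
        ""|*..*|*[!A-Za-z0-9.:-]*)
            echo "bad registry name: $irc_registry" >&2
            return 2 ;;
    esac

    # Must parse as X.509 and must not already be expired.
    openssl x509 -in "$irc_pem" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "not a valid, unexpired certificate: $irc_pem" >&2; return 3; }

    mkdir -p "$irc_root/$irc_registry" || return 4
    cp "$irc_pem" "$irc_root/$irc_registry/ca.crt" || return 4
    chmod 0644 "$irc_root/$irc_registry/ca.crt" || return 4

    # Print the SHA-256 fingerprint so it can be compared out of band
    # with the fingerprint of the certificate the registry operator issued.
    openssl x509 -in "$irc_pem" -noout -fingerprint -sha256
}
```

Unlike the insecure-registry option, this keeps TLS verification on and scopes the extra trust to the one registry hostname.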
Hi,
I am also facing the same error "x509: certificate signed by unknown authority" with docker login in a Bitbucket pipeline.
Did anyone find any workaround?
It's 2021 and still no solution? Did Atlassian let this one slip through the cracks? It seems like a feature a lot of people would want.