You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.
Join groupJoin the community to find out what other Atlassian users are discussing, debating and creating.
Hi,
I'm using bitbucket pipelines and try to configure a step to authenticate to my private registry deployed with a self-signed certificate.
but the following command returns : "x509: certificate signed by unknown authority"
docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD registry.my-company.com
On a linux-based normal build environnement, I normally use the method described there to specify my certificate authority : Docker registry - use self signed certificates which is :
cp certs/domain.crt /usr/local/share/ca-certificates/myregistrydomain.com.crt update-ca-certificates
But with bitbucket pipelines I did not find the way to interact with docker daemon to tell him to use my certificate authority as it is started in a separate instance.
How to tell docker daemon to trust my certificate ?
Here is my basic bitbucket-pipelines configuration file :
image: atlassian/default-image:1
pipelines:
default:
- step:
services:
- docker
script:
- docker login --username $DOCKER_HUB_USERNAME --password $DOCKER_HUB_PASSWORD registry.my-company.com
Thank you for your kind help :)
Hi,
Pipelines provides no mechanism for restarting the Docker daemon. You're going to need to figure out a workaround that doesn't need to do this. Which the Docker documentation suggests there aren't any.
I'd suggest opening a ticket here to track being able to interact with the Docker daemon: https://bitbucket.org/site/master/issues/new
Unfortunately I can't think of any more specific guidance here.
Thanks,
Phil
Hi Phil,
Thank you for taking the time to answer!
You confirmed my thought about the docker daemon.
Knowing that, as a workaround I am thinking to redeploy a docker repository proxy with a Lets-encrypt certificate following this kind of procedure.
Like that I just need to change my repository proxy, not the repository itself that stay private.
I will let you know if it works.
Thanks.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
I am also getting same error "x509: certificate signed by unknown authority" when I am trying to connect my harbor registry from bitbucket pile line script.
Please let me know is there any way to resolve this issue ?
script:
- docker login --username $HARBOR_USERNAME --password $HARBOR_PASSWORD registry.my-company.com
Thanks,
Koushik
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Marc-Antoine,
have you found any workaround for that? Did you solve this issue somehow?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I am also facing the same error "error "x509: certificate signed by unknown authority" with docker login in bitbucket pipeline
Did anyone find any workaround?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
it's 2021 and still no solution? Did atlassian let this one slip through the cracks? It seems like a feature a lot of people would want.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi everyone, We are looking to learn more about development teams’ workflows and pain points, especially around DevOps, integrations, administration, scale, security, and the related challeng...
Connect with like-minded Atlassian users at free events near you!
Find an eventConnect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.
Host an eventYou're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.