As mentioned in crypto/x509/root_unix.go , Go (which uses Docker) will check CA certificates in
"/etc/ssl/certs/ca-certificates.crt", // Debian/Ubuntu/Gentoo etc. "/etc/pki/tls/certs/ca-bundle.crt", // Fedora/RHEL "/etc/ssl/ca-bundle.pem", // OpenSUSE "/etc/ssl/cert.pem", // OpenBSD "/usr/local/share/certs/ca-root-nss.crt", // FreeBSD/DragonFly "/etc/pki/tls/cacert.pem", // OpenELEC "/etc/certs/ca-certificates.crt", // Solaris 11.2+
Make sure these files are accessible and not corrupted.
There may also be a sporadic issue with the CDN , as in this comment :
because now it works: +1 :. It should be a matter of Amazon's edge
The last thread also includes the following check:
The user reporting the problem either does not have these files, or these files do not contain the rapidssl certificate.
We could ask them to send us these files and check if the certificate is included.
The user can also try this:
openssl s_client -showcerts -verify 32 -connect index.docker.io:443
If this fails, certificates are missing.
As for GitHub, keep in mind that it is currently undergoing a massive DDoS attack, which may have other side effects besides the certificate issue.
Vonc
source share