Gitlab-ci build docker gives "certificate signed by unknown authority"

With a simple gitlab-ci setup I am trying to build a docker, and I want to push that docker into the registry for that project. But despite the available documentation I am not able to get it to work. The examples are not good enough, or out of date, or both. After following many examples [2] and various attempts I am now stuck at getting this pipeline error

...
$ docker info
errors pretty printing info
Client:
 Debug Mode: false
Server:
ERROR: error during connect: Get https://gitlab.example.com:5050/v1.40/info: x509: certificate signed by unknown authority

The GitLab software is up-to-date (version 13.0.6)

Say the we have this very basic example

variables:
  DOCKER_HOST: tcp://gitlab.example.com:5050

build:
  image: docker:19.03.11
  stage: build
  tags:
    - docker-in-docker
  services:
    - docker:19.03.11-dind
  script:
    - docker info

An I have a runner which I created as follows (see [1])

gitlab-runner register -n \
  --url https://gitlab.example.com/ \
  --registration-token m-secret \
  --executor docker \
  --description "My Privileged Docker Runner" \
  --docker-image "docker:19.03.11" \
  --docker-privileged \
  --docker-volumes "/certs/client"

The CERT of my GitLab server is from Let’s Encrypt. Nothing fancy, just working out of the box, thanks to GitLab.

From a “real” command line the docker login and docker push commands work as expected. So, the built-in registry in GitLab is working, and the CERT is OK.

[1] https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
[2] https://gitlab.m2m4all.com/help/user/packages/container_registry/index

Having the DOCKER_HOST variable was a bad idea. I’ve removed it, and now the build succeeds.

1 Like