Using own image on CI/CD "failed to verify certificate: x509: certificate signed by unknown authority"

Hello, everyone!

I’ve encountered a specific issue within my testing environment. My workflow involves writing tests that execute my application. In the CI/CD pipeline, the process starts with building the image, followed by the application launch. Due to an extensive suite of tests, the image building phase is quite time-consuming, leading to prolonged wait times.

To optimize this, I attempted to save time by pushing a pre-built image to GitLab (which was locally built) intending to modify my approach for subsequent runs. I envisioned adjusting the Dockerfile to initiate from this base image, somewhat like this:

FROM my-base-image:latest
RUN example_test

However, this adaptation hit a roadblock with an error message popping up as follows:

failed to authorize: failed to fetch anonymous token: Get "https://myserver/jwt/auth?scope=repository%3Adev%2Fbackend%2Ftest-prebuild%2Fbackend-test-prebuild-image%3Apull&service=container_registry": tls: failed to verify certificate: x509: certificate signed by unknown authority

Given that I’m operating under the constraints of Shared Runners, I lack the privilege to tweak the “insecure registry” parameters.

Is anyone aware of alternative solutions that could circumvent my current predicament? Any guidance or suggestions would be immensely appreciated.

Thanks in advance!

Hi @fer0m

It seems your registry is using a self-signed or custom-CA-signed SSL certificate. This issue is caused by Docker not trusting the certificate. There are a couple of solutions:

  1. (the easier) Use an SSL certificate from a publicly trusted CA (Let’s Encrypt is free)
  2. Use your own container image based on docker:dind and add the certificate to the trust store
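Why adding the CA to the trust store resolves the error, as an added example that is not part of the original thread: Docker is written in Go, and the message in the question is the text of Go's `crypto/x509` unknown-authority error. The program below builds a constructed private CA and a constructed certificate for the host `myserver` (the name from the error message), then validates that certificate against a root pool without the CA and against one that contains it. Hostname and chain checks stay enabled in both cases.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue returns a constructed sample certificate: a CA when dns is nil, otherwise a
// server certificate for those names. It is self-signed when parent is nil.
func issue(cn string, dns []string, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: dns == nil, BasicConstraintsValid: true, DNSNames: dns,
	}
	if parent == nil {
		parent, pk = tmpl, key // self-signed root
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, pk))
	return must(x509.ParseCertificate(der)), key
}

// VerifyBoth validates one registry certificate against a root pool that lacks
// the private CA (the runner's situation) and against a pool that contains it.
func VerifyBoth() (withoutCA, withCA error) {
	ca, caKey := issue("Constructed Internal CA", nil, nil, nil)
	leaf, _ := issue("myserver", []string{"myserver"}, ca, caKey)
	trusted := x509.NewCertPool()
	trusted.AddCert(ca)
	_, withoutCA = leaf.Verify(x509.VerifyOptions{DNSName: "myserver", Roots: x509.NewCertPool()})
	_, withCA = leaf.Verify(x509.VerifyOptions{DNSName: "myserver", Roots: trusted})
	return
}

func main() { fmt.Println(VerifyBoth()) }
```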