https://rancher.com/ logo
Title
g

gray-river-53365

12/30/2022, 1:35 PM
Hello, is it somehow possible to disable or acknowledge the certificate warning when pushing an image from a private registry? I’m using Rancher Desktop for Mac (v1.7.0) and want to push to my private Harbor instance (which uses a self-signed certificate). The certificate is trusted in my keychain, but I still get the error message:
ERROR: failed to solve: failed to do request: Head "<https://registry.my.domain/v2/library/base/blobs/sha256:c3e6129b48b69d14c5e7a5605e2b94003fb71aac82eac46b8689f5b8007af2c5>": x509: certificate signed by unknown authority
I already tried modifying the
docker.json
file (see https://docmoa.github.io/01-Infrastructure/Container/rancher-desktop-insecure-setup-mac.html) but that didn’t resolve the issue.
f

fast-garage-66093

01/03/2023, 5:41 PM
RD is installing all root certificates from the keychain into the VM automatically, so this should "just work" automatically. I just tested it with my own local registry:
$ rdctl shell curl <https://registry.home/v2/_catalog>
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":[{"Type":"registry","Class":"","Name":"catalog","Action":"*"}]}]}
So I wonder if your root CA is installed differently on your host, so RD ignores it.
Did you verify that your cert is not expired?
There are some cert verification messages in
~/Library/Logs/rancher-desktop/networking.log
, but they are not that useful, as you can't easily map the errors back to the original cert. It is normal to see several expired (or revoked) certs in the log, but maybe you have some other errors as well?