If you are using Rancher Desktop, and the Moby CLI, and you are trying to push images to a private registry, you may receive the following error:
$ docker push private.registry.domain/my/image
Using default tag: latest
The push refers to repository [private.registry.domain/my/image]
Get "https://private.registry.domain/v2/": x509: certificate signed by unknown authority
If you receive this error, it is likely because the VM that underpins Rancher Desktop (lima) does not have the CA certificate used to sign the cert for your private registry. To fix this, follow these steps:
- Using
rdctl
, open a shell onto the VM.rdctl
is found in ~/.rd/bin
Executerdctl shell
to pop into the lima VM - Once inside the VM, navigate to /usr/local/share/ca-certificates
- Copy the PEM-encoded contents of your root CA certificate into a new file in this directory. You can
echo
the contents and redirect (>) into a file, or usevi
. - Once this file is created, execute
update-ca-certificates
. - Restart Docker on this VM by executing
service docker restart
You should now be able to push images!