Docker pull error : x509: certificate has expired or is not yet valid

Question

Description of problem:

I'm trying to pull ubuntu from the public registry with this command :

docker pull ubuntu

And then i got this results (the previous command was working yesterday) :

"Error while pulling image: Get https://index.docker.io/v1/repositories/library/ubuntu/images: x509: certificate has expired or is not yet valid"

docker version :

Client:
Version: 1.10.0
API version: 1.22
Go version: go1.5.3
Git commit: 590d510
Built: Thu Feb 4 18:36:33 2016
OS/Arch: linux/amd64

Server:
Version: 1.10.0
API version: 1.22
Go version: go1.5.3
Git commit: 590d510
Built: Thu Feb 4 18:36:33 2016
OS/Arch: linux/amd64

docker info :

Containers: 4
Running: 0
Paused: 0
Stopped: 4
Images: 20
Server Version: 1.10.0
Storage Driver: aufs
Root Dir: /var/lib/docker/aufs
Backing Filesystem: extfs
Dirs: 44
Dirperm1 Supported: true
Execution Driver: native-0.2
Logging Driver: json-file
Plugins: 
Volume: local
Network: bridge null host
Kernel Version: 3.19.0-49-generic
Operating System: Ubuntu 14.04.3 LTS
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 5.815 GiB
Name: ubuntu
ID: Y6OO:23T2:BAPU:DVQJ:HJCJ:USEP:T6EU:PMG4:O4M6:46C7:JKPC:BQHT
WARNING: No swap limit support

uname -a :

Linux ubuntu 3.19.0-49-generic #55~14.04.1-Ubuntu SMP Fri Jan 22 11:24:31 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

I verify my "date" and everything is good. I don't know where this issue can come from.

Answer 1

this one did it for me docker-machine regenerate-certs --client-certs

Answer 2

This can also apparently happen with time drift, which is a problem with Docker Desktop for Windows. The clock on the Linux VM that s running the Docker daemon does not, by default, sync time with your main Windows host. If, like me, you work on a laptop, and your laptop is asleep for long periods of time without you rebooting or otherwise restarting Docker, it would seem your Linux VM's clock can drift enough that you can get this error. Restarting Docker clears it up, however.

I recognize the OP is probably no longer in need of an answer and it was not necessarily the OPs issue (no indication if they were using Windows), but since I got here through my own research into this problem, I figured I'd add the answer.

Answer 3

I got this error, it was related to system date/time settings. (I realize the OP stated his date was OK, just adding this comment for other people who might arrive at this page where this is the issue - like I did!!)

Had an issue when I booted up my machine and the time/date settings were incorrect. Later, after my machine had the correct date/time settings, I tried to pull an image from docker and got the above error.

I restarted the docker daemon running locally, so it picked up the new date/time and can now pull successfully again.

Answer 4

You can either use --insecure-registry option while starting docker deamon or need to provide valid certificate path. Look here for details.

Answer 5

In my case I have decided to change the date and time of the server to the current date.

Answer 6

if this happened with Docker on Windows

Just Restart Docker Desktop

Answer 7

This happened also to me:

• while trying to login to an Artifactory.
• when my local docker daemon has been running for a couple weeks.

I simply restarted my local docker daemon, and could login to the Artifactory with no error message.

Answer 8

Check if your docker registry is running or not. if no registry is runnign try docker run -d -p 5000:5000 --name registry registry:2

Answer 9

If the other recommendations don't get you anywhere, make sure that you aren't using a reverse proxy (like Apache) AND Jetty.

If you are using both, its quite likely there is a *.jks that has not been updated with the most up to date certificate.

Answer 10

I had the similar issue on centos vagrant vm machine. When I were pulling any docker image, the bellow error were poping up

   error pulling image configuration: Get https://production.cloudflare.docker.com/registry-v2/docker/registry/v2/blobs/sha256/4b/4bb46517cac397bdb0bab6eba09b0e1f8e90ddd17cf99662997c3253531136f8/data?verify=1597376104-j8KSa2vKDeIZNFuPq0EP9cb3sqc%3D: x509: certificate has expired or is not yet valid

The problem was the centos vagrant vm machine date and timezone were different from my host machine. After updating my vm machine to the same date and timezone with my host, the issue were fixed.

   #check the timezone
   $timedatectl
   #update timezone
   $timedatectl set-timezone America/Toronto
   #update date
   date --set="Fri August 14 3:08:10 EDT 2020"

Answer 11

Whenever you face below problem please set your date and time correct:

"Error while pulling image: Get https://index.docker.io/v1/repositories/library/ubuntu/images: x509: certificate has expired or is not yet valid"

use below command for linux system to set the date and time

sudo date --set='Mon Jan 13 14:50:44 IST 2020' "Note"=> if you are from different time zone please set as CST,EST,EDT etc.

Answer 12

In a dev environment you could avoid this error modify the file daemon.json alocate at /etc/docker/daemon.json add a insecure registry at the list and restart the docker engine

{
  "insecure-registries" : [ "myinsecureregistry.com:443", "myinsecureregistry.com", "x.x.x.x:5000" ]
}

Ref: daemon configuration

Answer 13

You need to check with network configuration.If you assign single network interface you will get this issue.In network setting check NIC's are enable both public and private.