- What's new
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Introduction
- Permissions Management
- Basics of the Container Engine
-
Image Management
- Uploading an Image Through a Container Engine Client (Recommended)
- Obtaining a Long-Term Valid Login Command
- Uploading an Image Through SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing a Private Image
- Adding a Trigger
- Adding an Image Retention Policy
- Configuring Automatic Image Synchronization Between Regions
- Image Center
- Organization Management
- User Permissions
- Auditing
- Change History
- Best Practices
-
API Reference
- Before You Start
- Calling APIs
- API Overview
-
API
- Organization Management
- Managing Image Repositories
- Image Tag Management
- Shared Account Management
- API Version
- Organization Permission Management
- Image Permission Management
- Image Synchronization Management
- Trigger Management
- Image Retention Policy Management
- Temporary Login Command
- Quota Management
- Other
- Example Applications
- Appendixes
- SDK Reference
-
FAQs
- General FAQs
- Login Issues
- Synchronizing Images
- Pushing an Image
- Pulling an Image
-
Troubleshooting
- Why Does the Login Command Fail to Be Executed?
- Why Does an Image Fail to Be Pushed Through a Container Engine Client?
- Why Does an Image Fail to Be Uploaded Through SWR Console?
- Why Does the docker pull Command Fail to Be Executed?
- What Should I Do If Images Cannot Be Downloaded from Private Networks?
- What Do I Do If an Error Occurs When I Call an API?
-
Other FAQs
- Why Does a CCE Workload Cannot Pull an Image from SWR and a Message "Not Logged In" Is Displayed?
- How Many Tenants Can I Share an SWR Private Image With?
- Why Is an Image Pushed Using a Container Engine Client to SWR Different in Size From One Uploaded Through the SWR Console?
- Can I Pull Images on the SWR Console to a Local PC?
- Videos
- Glossary
-
More Documents
- User Guide
- API Reference
- User Guide (Paris Regions)
- API Reference (Paris Regions)
- User Guide (Kuala Lumpur Region)
- API Reference (Kuala Lumpur Region)
-
User Guide (Ankara Region)
- Service Overview
- Overview
- Permissions Management
- Basics of Docker
-
Image Management
- Pushing an Image Through a Container Engine Client
- Obtaining a Long-Term Valid Docker Login Command
- Obtaining a Long-Term Valid containerd Pull/Push Command
- Uploading an Image Through the SWR Console
- Pulling an Image
- Setting Image Attributes
- Sharing Private Images
- Adding a Trigger
- Adding an Image Retention Policy
- Organization Management
- User Permissions
- FAQs
-
API Reference (Ankara Region)
- Before You Start
- API Overview
- Calling APIs
- API
- Appendixes
- Permissions and Supported Actions
- General Reference
Copied.
Why Does the docker pull Command Fail to Be Executed?
x509: certificate signed by unknown authority
Problem: When you run the docker pull command to pull an image from SWR, error message "x509: certificate signed by unknown authority" is displayed.
Possible causes:
- The container engine client communicates with SWR through HTTPS. The client verifies the server certificate. If the root certificate installed on the client is incomplete, the error message "x509: certificate signed by unknown authority" is displayed.
- A proxy is configured on the container engine client.
Solutions:
- If you trust the server, skip certificate authentication. Specifically, manually configure the container engine startup parameters using either of the following two methods. Replace Image repository address with the actual SWR repository address.
- Add the following configuration to the /etc/docker/daemon.json file. If the file does not exist, manually create it. Ensure that two-space indents are used in the configuration.
{ "insecure-registries":["Image repository address"] }
- /etc/sysconfig/docker:
INSECURE_REGISTRY='--insecure-registry=Image repository address'
After configuration, run the systemctl restart docker or service restart docker command to restart the container engine.
- Add the following configuration to the /etc/docker/daemon.json file. If the file does not exist, manually create it. Ensure that two-space indents are used in the configuration.
- Run the docker info command to check whether the proxy is correctly configured. If not, modify the configuration.
Error: remote trust data does not exist
Problem: When you run the docker pull command to pull an image from SWR, message "Error: remote trust data does not exist" is displayed.
Possible cause: The image signature verification is enabled on the client. However, the image to be pulled does not contain a signature layer.
Solution: Check whether the environment variable DOCKER_CONTENT_TRUST is set to 1 in the /etc/profile file. If yes, change the value to 0 and run source /etc/profile for the setting to take effect.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot