Failed to pull image with x509: certificate signed by unknown authority error when using mirrored registries in OpenShift 4

Solution Verified - Updated -

Issue

  • Using a mirrored registry, there are pods in ImagePullBackOff error, and the images cannot be pulled with error Failed to pull image and x509: certificate signed by unknown authority error errors.
  • The image pull fails with the following message shown in the events:

    Failed to pull image "quay.io/openshift-release-dev/ocp-release@sha256:xxxxxx": rpc error: code = Unknown desc = (Mirrors also failed: custom-image-registry-mirror.example.com:[port]/[namespace]0@sha256:xxxxxx: pinging container registry custom-image-registry-mirror.example.com:[port]: Get "https://custom-image-registry-mirror.example.com:[port]/v2/": x509: certificate signed by unknown authority]): quay.io/openshift-release-dev/ocp-release@sha256:xxxxxx: pinging container registry quay.io: Get "https://quay.io/v2/": dial tcp: lookup quay.io on 10.0.0.1:53: server misbehaving
    

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Disconnected environment
  • Mirrored registry

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content