Nginx:latest: download/extract error: check registry failed: SSL: ssl: no trusted CA certificate found (6)

TikYAN · December 10, 2025, 1:01pm

Hi Mikrotik Team,

on ROS7.20 and ROS7.21rc1 i’m not able to fetch an container image.

/container/config/set registry-url=https://registry-1.docker.io
/container/add remote-image=nginx:latest interface=veth1

Flags: F - DOWNLOAD/EXTRACT FAILED
Columns: NAME, ROOT-DIR, INTERFACE, CPU-USAGE
#   NAME          ROOT-DIR      INTERFACE  CPU-USAGE
;;; download/extract error: check registry failed: SSL: ssl: no trusted CA certificate found (6)
0 F nginx:latest  nginx:latest  veth1              0

i’ve tried to import the CA from docker which is Amazon - but no change here.

Is there an Workaround?

Best Regards!

rextended · December 10, 2025, 1:17pm

Is it too obvious to install the certificate it doesn't find?
I'm probably wrong, thinking such a trivial thing while reading the error,
maybe something else needs to be done... like set the right date and time in the clock...

CGGXANNX · December 10, 2025, 1:29pm

In this case with registry-1.docker.io you only need to change this setting:

In 7.21rc1:

/certificate settings set builtin-trust-store=all

In 7.20.6:

/certificate settings set builtin-trust-anchors=trusted

And @rextended is correct, you should also make sure the clock is properly synchronized.