Description

Renewing the existing DigiCert Trusted Root Authority Certificates might affect pulling Sitecore images from the scr.sitecore.com container release registry. A new certificate has been issued by a different Digicert certificate authority (TLS) compared to the previous one (SHA2 Secure Server). If DigiCert TLS RSA SHA256 2020 CA1 CA certificate has not been installed on a machine, this results in the following error while pulling Docker images:

Error response from daemon: Get https://scr.sitecore.com/v2/: x509: certificate signed by unknown authority

The issue can affect both Linux and Windows machines.

Solution

To resolve the issue, consider the following solution:

1. Download and install the publicly available DigiCert TLS RSA SHA256 2020 CA1 CA certificate on the machine: 
   
   
   • For Ubuntu:

     wget -O DigiCertTLSCA.crt.pem https://cacerts.digicert.com/DigiCertTLSRSASHA2562020CA1-1.crt.pem
     openssl x509 -in DigiCertTLSCA.crt.pem -inform PEM -out DigiCertTLSCA.crt
     sudo cp DigiCertTLSCA.crt /usr/local/share/ca-certificates/DigiCertTLSCA.crt
     sudo update-ca-certificates

   • For Windows:
     
     1. Download DigiCert TLS RSA SHA256 2020 CA1 from the website.
     2. Right-click and install it on the local machine (requires administrator rights).
2. Reboot the system after the certificate has been installed.