Building docker image fails with failed to fetch anonymous token, TLS handshake timeout

Question

I got a problem while creating a docker image using docker build -t image_name .. When I execute it I get errors:

 => [internal] load build definition from Dockerfile                                                               0.1s
 => => transferring dockerfile: 32B                                                                                0.0s
 => [internal] load .dockerignore                                                                                  0.0s
 => => transferring context: 2B                                                                                    0.0s
 => ERROR [internal] load metadata for docker.io/library/java:8                                                    0.2s
------
 > [internal] load metadata for docker.io/library/java:8:
------
failed to solve with frontend dockerfile.v0: failed to create LLB definition: failed to authorize: rpc error: code = Unknown desc = failed to fetch anonymous token: Get https://auth.docker.io/token?scope=repository%3Alibrary%2Fjava%3Apull&service=registry.docker.io: net/http: TLS handshake timeout

Answer 1

Manually pulling the base image before building may resolve the error. Try running docker pull for the base image prior to executing docker build.

Answer 2

use Vpn or alternative nameservers to bypass restrictions:

1- change this file to add dns server, open config file with vim or nano

sudo nano /etc/dhcp/dhclient.conf

2- change or add nameserver in this line

prepend domain-name-servers 8.8.8.8 ip2 ip3;

3- restart network service

sudo service network-manager restart

Answer 3

For me, I was running this on windows WSL2 and for some reason this couldn't resolve the DNS. I ran it from cmd.exe and it worked.

Answer 4

Check manually if you can docker pull same emage with version on the server. Maybe the image has been deleted from registry. You can also find image you want to pull and use copy&paste command eg from https://hub.docker.com/_/node/tags to be sure that there is no typo

Answer 5

In my case this happened on Ubuntu WSL2 for Windows. This happened while running

docker build -t cbusha-be:latest .

On accident after having already ran

docker buildx build -t cbusha-be:latest .

once I switched back to the BuildX command it worked again

Answer 6

Tagging on to answer regarding setting DNS in resolv.conf, but I don't have enough reputation to comment apparently. Some Linux applications read resolv.conf directly and do not use systemd-resolved (which is used by Arch by default). You can address this by replacing /etc/resolv.conf with a link to a systemd-resolved DNS stub file like ln -rsf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

It is covered in the DNS section of this documentation https://wiki.archlinux.org/title/Systemd-resolved

Answer 7

If you use MacOS check if there are any kind of System Extensions which intercept the traffic - e.g. firewalls, vpn clients, security tools. run systemextensionsctl list in your terminal app:

1 extension(s)
--- com.apple.system_extension.network_extension
enabled active  teamID  bundleID (version)  name    [state]
*   *   78UFGP42EU  ch.tripmode.TripMode.FilterExtension (3.1.0/1304)   FilterExtension [activated enabled]

In my case the App TripMode was the reason for the problem. Uninstalling the tool and restarting the system fixed the problem.

Answer 8

This recently happened for me when running a build script for earthly/earthly.

OS: Arch Linux 5.14.8-arch1-1

Docker from official repository: Docker version 20.10.8, build 3967b7d28e

Solution (likely a Linux-only solution)

DNS was misconfigured for me. For some reason, docker pull golang:1.16-alpine3.14 worked fine but was failing when running the build script. This answer on r/docker helped.

Adding a DNS nameserver to my /etc/resolv.conf solved this issue for me:

cat /etc/resolv.conf
# Cloudflare
nameserver 1.1.1.1

Other Attempted Solutions

1. Disable Buildkit

From this answer to Docker build: failed to fetch oauth token for openjdk?, this did not solve the issue since I believe buildkit was required for the script I was running:

export DOCKER_BUILDKIT=0
export COMPOSE_DOCKER_CLI_BUILD=0

2. Manually pull image

3. Authenticating with Docker

The error looked like something that might happen when I was unauthenticated with hub.docker.com. After logging in with docker login --username <username> I still receieved the errors.