Develop Reference

minikube does not start on ubuntu 20.04 LTS. Exiting due to GUEST_PROVISION

I am trying to setup minikube in a VM with ubuntu desktop 20.04 LTS installed, using docker driver.
I've followed the steps here, and also taken into consideration the limitations for the docker driver (reported here), that have to do with runtime security options. And when I try to start minikube the error I get is : Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key.
This is what I have done to have my brand new VM with minikube installed.
Install docker
Add my user to the docker group, otherwise minkube start would fail because dockerd runs as root (aka Rootless mode in docker terminology).
Install kubectl (that is not necessary, but I opted for this instead of the embedded kubectl in minikube)
Install minikube
When I start minikube, this is what I get:
ubuntuDesktop:~$ minikube start
😄 minikube v1.16.0 on Ubuntu 20.04
✨ Using the docker driver based on user configuration
👍 Starting control plane node minikube in cluster minikube
🔥 Creating docker container (CPUs=2, Memory=4500MB) ...
✋ Stopping node "minikube" ...
🛑 Powering off "minikube" via SSH ...
🔥 Deleting "minikube" in docker ...
🤦 StartHost failed, but will try again: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset051825440 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset051825440: no such file or directory
: exit status 1
🔥 Creating docker container (CPUs=2, Memory=4500MB) ...
😿 Failed to start docker container. Running "minikube delete" may fix it: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
❌ Exiting due to GUEST_PROVISION: Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
😿 If the above advice does not help, please let us know:
👉 https://github.com/kubernetes/minikube/issues/new/choose
I suspect that the error has to do with the security settings issues with the docker driver, but this seems to be like a dog chasing its tail: if I don't use rootless mode in docker and I attempt to start minikube with sudo (so that docker can also start up with a privileged user), then I get this:
ubuntuDesktop:~$ sudo minikube start
[sudo] password for alberto:
😄 minikube v1.16.0 on Ubuntu 20.04
✨ Automatically selected the docker driver. Other choices: virtualbox, none
🛑 The "docker" driver should not be used with root privileges.
💡 If you are running minikube within a VM, consider using --driver=none:
📘 https://minikube.sigs.k8s.io/docs/reference/drivers/none/
❌ Exiting due to DRV_AS_ROOT: The "docker" driver should not be used with root privileges.
So, or either I am missing something or minikube doesn't work at all with docker driver, which I doubt.
Here is my environment info:
ubuntuDesktop:~$ docker version
Client:
Version: 19.03.11
API version: 1.40
Go version: go1.13.12
Git commit: dd360c7
Built: Mon Jun 8 20:23:26 2020
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 19.03.11
API version: 1.40 (minimum version 1.12)
Go version: go1.13.12
Git commit: 77e06fd
Built: Mon Jun 8 20:24:59 2020
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.13
GitCommit: 7ad184331fa3e55e52b890ea95e65ba581ae3429
runc:
Version: 1.0.0-rc10
GitCommit:
docker-init:
Version: 0.18.0
GitCommit: fec3683
ubuntuDesktop:~$ minikube version
minikube version: v1.16.0
commit: 9f1e482427589ff8451c4723b6ba53bb9742fbb1-dirty
If someone has minikube working on ubuntu 20.04 and could share versions and driver, I would appreciate. with the info in minikube and docker sites I don't know what else to check to make this work.

Solution:
As I mentioned in my comment you may just need to run:
docker system prune
then:
minikube delete
and finally:
minikube start --driver=docker
This should help.
Explanation:
Although as I already mentioned in my comment, it's difficult to say what was the issue in your specific case, such situation may happen as a consequence of previous unseccessful attempt to run your Minikube instance.
It happens sometimes also when different driver is used and it is run as a VM and basically deleting such VM may help. Usually running minikube delete && minikube start is enough.
In this case, when --driver=docker is used, your Minikube instance is configured as a container in your docker runtime but apart from container itself other things like networking or storage are configured.
docker system prune command removes all unused containers, networks, images (both dangling and unreferenced), and optionally, volumes. So what we can say for sure it was one of the above.
Judging by the exact error message:
❌ Exiting due to GUEST_PROVISION: Failed to start host: creating host: create: creating: prepare kic ssh: copying pub key: docker copy /tmp/tmpf-memory-asset544814591 into minikube:/home/docker/.ssh/authorized_keys, output: lstat /tmp/tmpf-memory-asset544814591: no such file or directory
: exit status 1
I guess it could be simply clearing some cached data that helped in your case and removing broken references to non-existing files. The above message explains quite clearly what couldn't be done, namely docker couldn't copy a public ssh key to the destination minikube:/home/docker/.ssh/authorized_keys as the source file /tmp/tmpf-memory-asset544814591, it attempted to copy it from, simply didn't exist. So it's actually very simple to say what happend but to be able to tell why it happened might require diving a bit deeper in both Docker and Minikube internals and analyze step by step how Minikube instance is provisioned when using --driver=docker.
It's a good point that you may try to analyze your docker logs but I seriously doubt that you will find there the exact reason why non-existing temporary file /tmp/tmpf-memory-asset544814591 was referenced or why it didn't exsist.

minikube start --force --driver=docker fixed it for me

The issue is that the docker driver should not be used with root privileges. And by default, the docker daemon always runs as the root user. To run the docker daemon not as root user, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
Run the following commands to fix this issue
Create the docker group if not exist
sudo groupadd docker
Add user to the docker group
sudo usermod -aG docker [user]
To activate changes to the group
newgrp docker
start minikube cluster
minikube start

This worked for me
minikube start --driver=docker --container-runtime=containerd

if you use Linux Desktop OS with docker and minikube already installed, just run
sudo usermod -aG docker $USER
and restart your computer.
It worked for me.

I was running into the same issue when I attempted to install Minikube on an Ubuntu 20.04 system.
The "docker system prune" didn't help in my case, but I figured out the cause for my issue was that /var was mounted with the nosuid option and I had to remove that and remount /var. The minikube cluster initialization then worked.
I might be too ignorant but I didn't find that info stated as a requirement.

Restarting my mac helped me.
I was getting below error earlier:
❌ Exiting due to DRV DOCKER NOT RUNNING: Found docker, but the docker service isn't running. Try restarting the docker service.

sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io
sudo systemctl enable docker
systemctl status docker
sudo systemctl start/stop docker
sudo groupadd docker
sudo usermod -aG docker user_name --- to add the user to docker group.
newgrp docker -- to activate the grp
minikube start or minikube start --driver=docker ---to start minikube

On my Raspberry Pi this problem was resolved with:
sudo usermod -aG docker $USER && newgrp docker

Try the following:
minikube delete
Then try to delete all docker images with name like k8s... and minikube:
docker rmi <container id> <container id2> <container id3>
Finally:
minikube start

On my end just a docker system prune did the job (Ubuntu).
I had a few configurations I did not want to lose on my minikube profile and it recreated the container accordinlgy and booted fine.
So before the minikube profile deletion it is something to try first.

It's worth checking to see if it's running in Docker desktop on a Mac. If it is then run the kubectl command. If that returns the commands screen then you're good to go.

Docker not able to pull images behind proxy TLS handshake timeout

I have latest Docker version 18.06.0 installed on CentOS 7.
My server is in a corporate network so using a proxy server to access the registry.
I have added proxy settings as per docker documentation.
But finally adding proxy settings in worked partially. i.e. now docker is using proxy to pull the image before it runs.
But now it fails giving following error:
$ sudo docker run hello-world
Unable to find image ‘hello-world:latest’ locally
docker: Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: net/http: TLS handshake timeout.
Also, the login fails:
$ sudo docker login --username=XXXX
Password:
Error response from daemon: Get https://registry-1.docker.io/v2/: proxyconnect tcp: EOF
My proxy is pretty fast. When I’m using it to download anything from the internet using wget or curl I see 90 to 100Mbps speed.
Other applications utils on my machine such as yum are using this proxy perfectly and it works well.
Now I don’t know why only Docker has a problem in downloading the images.
The details of installation and configuration are as follow:
Version:
$ sudo docker version
Client:
Version: 18.06.0-ce
API version: 1.38
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:08:18 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.0-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.3
Git commit: 0ffa825
Built: Wed Jul 18 19:10:42 2018
OS/Arch: linux/amd64
Experimental: false
OS Version:
Description: CentOS Linux release 7.2.1511 (Core)
Release: 7.2.1511
Docker proxy config:
$ cat /etc/systemd/system/docker.service.d/https-proxy.conf
[Service]
Environment=“HTTP_PROXY=http://pqr.corp.xxx.com:8080”
Environment=“HTTPS_PROXY=https://pqr.corp.xxx.com:8080”
Environment=“NO_PROXY=localhost,127.0.0.1”
after adding this configuration I have already done
sudo systemctl daemon-reload
sudo systemctl restart docker
Looking for specific help.
I have gone through most of the posts on TLS Handshake Timeout issues but didn’t get any answer or suggestions working for me.
My proxy is fine and docker is using it. I don’t understand why it gets that nasty timeout.

The config file is:
[Service]
Environment=“HTTP_PROXY=http://pqr.corp.xxx.com:8080”
Environment=“HTTPS_PROXY=https://pqr.corp.xxx.com:8080”
Environment=“NO_PROXY=localhost,127.0.0.1”
Notice that 3rd line: HTTPS_PROXY=https
Is the proxy server support HTTPS? Or there should be an error.
Maybe HTTPS_PROXY=http is correct.
By the way, a similar error is Get https://registry-1.docker.io/v2/: proxyconnect tcp: EOF

Reason is usually related with your network settings. Especially, if your Docker is set up with Proxy, make it temporary with "No Proxy" option and it should work.
Cheers

I was also facing same issue behind firewall. Follow below steps:
$ sudo vim /etc/systemd/system/docker.service.d/http_proxy.conf
[Service]
Environment=“HTTP_PROXY=http://username:password#IP:port/”
Don’t use or remove https_prxoy.conf file.
reload and restart your docker
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
$ docker pull hello-world
Using default tag: latest
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:2557*********************************8
Status: Downloaded newer image for hello-world:latest

The answers before mine point towards this direction, but neither states it clearly: Removing all https proxy settings solves this problem. I had a https-proxy.conf file just like OP's and docker pull started to work after I deleted the HTTPS_PROXY line. I know that the https proxy I use works all right so it must be a problem on Docker's side.
I found this solution on serverfault.

Error "Get https://registry-1.docker.io/v2/: net/http: request canceled" while building image

I am getting the below error while building an image
Step 1/10 : FROM ubuntu:14.04
Get https://registry-1.docker.io/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)

I think the issue is that you are behind the proxy which in which case you need to write a manual configuration in Docker systemd service file. That will override the default docker.service file.
If you are using Docker for Windows, then simply set the default DNS to 8.8.8.8 on the "vEthernet (DockerNAT)" network adapter. But remember, this is not the best practice as you will be exposing from your office network.
In linux environment, you could add the environment variable as you are behind HTTP_PROXY or HTTPS_PROXY, as you are using port 80 or 443 respectively. As shown below in /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
as for HTTTP_PROXY in /etc/systemd/system/docker.service.d/https-proxy.conf
[Service]
Environment="HTTPS_PROXY=https://proxy.example.com:443/"
Then just restart docker after deamon reload:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Hope this works.
Reference: https://docs.docker.com/engine/admin/systemd/#httphttps-proxy

I had the same problem and the following fix has worked for me:
https://github.com/moby/moby/issues/22635#issuecomment-260063252
In my case I've added the following 2 nameserver lines to /etc/resolv.conf file.
before:
nameserver 127.0.0.53
after:
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.53

I was facing the same issue when trying to build or pull an image with Docker on Win10. Changing the DNS of the Docker vEthernet(DockerNAT) network adapter to 8.8.8.8 fixed it for me, as described in this GitHub issue.
To change the DNS go to Docker (TrayIcon) -> Settings -> Resources -> Network and set a fixed DNS server ip = 8.8.8.8.
Changing the DNS server in the configuration of the windows network adapter worked too.
After restarting Docker is able to pull and build images again.
Version Info:
Windows 10 x64 Enterprise Version 1709
$ docker version
Client:
Version: 17.12.0-ce
API version: 1.35
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:05:22 2017
OS/Arch: windows/amd64
Server:
Engine:
Version: 17.12.0-ce
API version: 1.35 (minimum version 1.12)
Go version: go1.9.2
Git commit: c97c6d6
Built: Wed Dec 27 20:12:29 2017
OS/Arch: linux/amd64
Experimental: true

On Mac OS X, I fixed this issue by not using the experimental virtualization framework.
Preferences -> Experimental Features

I got the same error and it was resolved by
docker logout registry-1.docker.io

I had the same issue and only found out after 30 minutes that I was on a VPN network for work which blocks other sites. I went off the VPN, and it worked :) This is definitely a network issue. When it said "not authenticated", I thought perhaps I needed some login credentials or so.

I face this problem when performing Ansible AWX installation.
I had my own private DNS :192.168.0.254 & 192.168.0.253 but was receiving same error.
Issue got resolved after change my DNS back to 8.8.8.8 & 8.8.4.4.

This error occurs on Big Sur 11.3.1, Intel when you check the box for "Use new virtualization framework" under the Experimental Features tab. Unchecking the box and restarting Docker fixed this problem for me.

This may be the old one, but fixed available here
https://success.docker.com/article/i-get-x509-certificate-signed-by-unknown-authority-error-when-i-try-to-login-to-my-dtr-with-default-certificates
run following commands on each server
export DOMAIN_NAME=bootstrap.node1.local
export TCP_PORT=5000
openssl s_client -connect $DOMAIN_NAME:$TCP_PORT -showcerts </dev/null 2>/dev/null | openssl x509 -outform PEM | tee /etc/pki/ca-trust/source/anchors/$DOMAIN_NAME.crt
update-ca-trust
/bin/systemctl restart docker.service

I have same issue with registry deployed in swarm. Restart docker helps but after some time it occurs again.
Redeploy registry with docker-compose
sudo docker-compose up -d
and all works fine

I also had problems with pull requests timing out.
with both
docker pull hello-world
kubeadm config images pull
Perhaps this problem started for me when upgrading the VM from ubuntu 18 to 20, but there were also many kubernetes related config changes I made, so not sure.
anyway this solution resolved it for me.
https://stackoverflow.com/a/51648635/11416610
thanks #nils!
incase the above link brakes, here is a quote:
I had the same issue yesterday. Since I am behind a company proxy, I
had to define the http-proxy for the docker daemon in:
/etc/systemd/system/docker.service.d/http-proxy.conf
The problem was, that I misconfigured the https_proxy, how it is
described here. I used https:// in the https_proxy environment
variable, which caused this error.
This configuration works for me:
cat /etc/systemd/system/docker.service.d/http-proxy.conf
[Service]
Environment=http_proxy=http://IP:PORT/
Environment=no_proxy=localhost,127.0.0.1
Environment=https_proxy=http://IP:PORT/
Remember that you have to restart the docker daemon after changing
this configuration. You can achieve this by using:
systemctl daemon-reload
systemctl restart docker

I was getting the same error. I am using a ubuntu 20.04 system
Error response from daemon: Get "https://registry-1.docker.io/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
I added the missing lines inside /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
sudo nano /etc/resolv.conf
This is how it looks now.
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 127.0.0.53
options edns0 trust-ad

I faced this issue on ubuntu when I am trying to build elasticsearch:
And I got this error:
ERROR: Get https://docker.elastic.co/v2/: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
It was my network connection problem. I was using VPN.
so I disconnect my VPN connection and it's working fine.
for some reasons, it's trying to look up the domain it seems trying to search for the domain inside the local network after I disconnect the VPN everything worked fine.

Windows 10 - home PC. none of the solution worked for me. what worked is un-install docker, restart PC, "run as administrator" while installing exe. worked!!

For my case, my company needed to define my IP in the White list in order to access the cloud.docker files. So do not hesitate to tell the responsible person if you have such error.

My issue was with Windows WSL, not only do you have to set the static dns servers as mentioned above in both the Docker Desktop client, and your containers, but you also need to add
[network]
generateResolvConf = false
to the /etc/wsl.conf in your linux containers. You will need to reboot your container as outlined in https://superuser.com/questions/1126721/rebooting-ubuntu-on-windows-without-rebooting-windows, or you can reboot your pc.

None of those solutions worked for me.
I finally make it work simply by doing an update of docker. (MAC OS)

I experienced this issue when trying to push to Docker.
I updated Docker Desktop (via the GUI)
I also ran docker system prune which prompts:
WARNING! This will remove:
- all stopped containers
- all volumes not used by at least one container
- all networks not used by at least one container
- all dangling images
Confirm this by entering yes

It could be temporary network issue. I had same issue. I would these two
Re-run the command again
Restart the Docker Desktop

I had the same issue. I was getting this error while following the Udemy course. Since I was new to Docker I was actually building image by giving incorrect repository name( I was using Instructor username instead of mine docker repository username). When we push the image to Docker hub, use your docker repository name. Hence build image using your username.
docker build . -t docker_username/example:latest
where . represent current directory where your Dockerfile resides.
Please first logged in your docker repository by using Docker desktop in your system
Hope this will solve someone's problem.

my solution was :
docker image prune and docker volume prune

Experienced this Error while I was trying to : docker pull odoo
and my solution was: sudo systemctl restart docker

Just log in through the terminal and use the below command
docker login
Enter username and password

I was stuck too, tried everything I could then I tried
these:
https://fedingo.com/how-to-uninstall-docker-in-ubuntu/
Make sure you repeat step 1 and 2 mentioned in link untill step 1 shows nothing
then procceed with step 3 and the next steps
then delete docker folder from here
/etc/systemd/system/docker.service.d/
then follow :
https://docs.docker.com/engine/install/ubuntu/

I have faced this error sometimes, my docker image is built smoothly before but when I have to remove all images ( even I do not make any change with the docker configuration files or any error in code). this still happens.
so I think that it may cause by the connection for it does a "Get https://registry-1.docker.io/v2/:....."
I have change DNS to google DNS 8.8.8.8 and 8.8.4.4 then it 's worked.
good luck!

Just add at the end of your shell command --dns 8.8.8.8

I got this error from my own Internet connection. Switched to another provider, all good.

Check in case VPN is blocking..

Docker for Windows not working

I've installed Docker toolbox now and I get the error for everything:
Get http://127.0.0.1:2375/v1.20/version: dial tcp 127.0.0.1:2375: ConnectExtcp: No connection could be made because the target machine actively refused it..
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
docker version output:
Client:
Version: 1.8.1
API version: 1.20
Go version: go1.4.2
Git commit: d12ea79
Built: Thu Aug 13 02:49:29 UTC 2015
OS/Arch: windows/amd64
Get http://127.0.0.1:2375/v1.20/version: dial tcp 127.0.0.1:2375: ConnectEx tcp: No connection could be made because the target machine actively refused it..
* Are you trying to connect to a TLS-enabled daemon without TLS?
* Is your docker daemon up and running?
But the VM is running under VirtualBox. I have searched everywhere but can't find a solution.
UPDATE1: I'm using Windows 8.1 and also tried to start through Kinematic also.
UPDATE2: Everything worked like charm when I tried Virtualbox Test Build 5.0.3 or later. You can download here: https://www.virtualbox.org/wiki/Testbuilds

Just run:
"C:\Program Files\Docker Toolbox\docker-machine" ls
get the machine name, and then run:
"C:\Program Files\Docker Toolbox\docker-machine" env <MACHINE_NAME_HERE> --shell=[cmd|powershell]
and you should get something like this:
"C:\Program Files\Docker Toolbox\docker-machine" env default --shell=cmd
set DOCKER_TLS_VERIFY=1
set DOCKER_HOST=tcp://192.X.X.X:2376
set DOCKER_CERT_PATH=C:\Users\X\.docker\machine\machines\default
set DOCKER_MACHINE_NAME=default
# Run this command to configure your shell:
# copy and paste the above values into your command prompt
I also get an error open C:\Users\X\.docker\machine\machines\default\server.pem: The system cannot find the file specified.
and solved it by upgrading my VirtualBox to version 5.0.3 (from their nightly builds)
Long version:
I got the same problem and after and the "Using Docker from Windows Command Line Prompt (cmd.exe)" section from the installation manual put me in the right direction
Basically, the way docker works is that the "docker " commands are passed to a docker service (running on port 2375). As you are running the docker from windows host, the service actually runs on the linux host created by docker (you can see it by opening the virtualbox ui).
The usual flow is the following:
default machine is created
the starter (kinamatic / "Docker Quickstart Terminal" / cmd) of the machine waits for the machine to boot, gets it's IP address and sets the linux ip:port as the service address (instead of 127.0.0.1:2375) in few enviremnt/powershell variables
from this point all docker ... commands are send to the linux host and everything works almost as native linux
The problem is that there is some issue with the machine setup (my guess the new virtual box but I am not sure and have the time to dig into it). You can see that by runnung the ls command and notice that (at least in my case) the state of the machine is "timeout" and there is no url, unlike the output shown in the manual.
This causes the enviorment values not to be set and the docker ... commands to fail.
Apart from running the command, you can also start the Docker Quickstart Terminal that does the same thing but with sh shell
Regarding the certificate error, I tried to regenrate the certificates from within the virtual machine using:
/usr/local/bin/generate_cert --overwrite --host=default,127.0.0.1,10.0.2.15,192.168.99.100 --ca=/var/lib/boot2docker/tls/ca.pem --ca-key=/var/lib/boot2docker/tls/cakey.pem --cert=/var/lib/boot2docker/tls/server.pem --key=/var/lib/boot2docker/tls/serverkey.pem
I got "protocol error"s when tried to copy the certificate to the host machine, which reminded me an old virtualbox shared folders bug, so this may not be a problem with docker but with virtualbox - I upgraded to the latest nightly version (5.0.3-102224), regenerated the default image and that seems to solve it. As windows 10 is not officially supported yet neither by docker nor by virtualbox, I am not sure if this is the same thing that causes you to get the certificate error, In any case can try to copy the certificates from the virtual machine (you have the paths in code block) to your local user directory (it is mapped to /c/Users/X/ in the virtual machine)

The following worked for me (Docker Toolbox 1.8.1b and Windows 7). It is a simplified version of what #baptiste-gaillard outlined in the comments above. Short answer: Use VirtualBox 5.03 or later from the get-go.
Download VirtualBox 5.03 (nightly build at the time of this post) and extension pack.
Reboot laptop. (Clears out running VirtualBox stuff.)
Install VirtualBox 5.03 and extension pack 5.03.
Delete the default VM entirely (remove files).
Re-run Docker Quickstart Terminal shortcut to generate the default VM.
The Quickstart script seems to get along better with VirtualBox 5.03 with regards to creating the requisite TLS keys.

Had the same issue as you showed and Just fixed it a few hours ago.
All need to do is disable Hyper-V. Run a command prompt with administrator rights and run the following command:
bcdedit /set hypervisorlaunchtype off
Restart your PC, open virtualbox and delete default vm after relaunch, go back to docker quickstart terminal and put the following in command:
docker run hello-world
and you're done! Hope it solves your problem

this works for me
1) start the command line tool first and get the machine ip address by running
docker-machine ls command
2) Re-generate certs
docker-machine regenerate-certs
3) Set the evn variables manually in my case the location of certs was different
set DOCKER_TLS_VERIFY=1
set DOCKER_HOST=tcp://machine_IP:2376
set DOCKER_CERT_PATH=C:\Users\X.docker\machine\certs
set DOCKER_MACHINE_NAME=default
Now run docker version
Here is the output in my case
Client:
Version: 1.8.1
API version: 1.20
Go version: go1.4.2
Git commit: d12ea79
Built: Thu Aug 13 02:49:29 UTC 2015
OS/Arch: windows/amd64
Server:
Version: 1.8.1
API version: 1.20
Go version: go1.4.2
Git commit: d12ea79
Built: Thu Aug 13 02:49:29 UTC 2015
OS/Arch: linux/amd64

The Docker Toolbox (in 1.8.x) installation configure by default your Docker Daemon to use secure connection via the TLS protocol (version 1.8).
If you were using an older version of the daemon that wasn't secured that means at least two things :
- the port number changed from 2375 to 2376
- your daemon client need to present a certificat to communicate with you docker engine/server.
So the reply of sandiindia indicates the environment variables that precise to the docker client the good configuration to connect to the docker server/engine:
#You're using a TLS secured daemon :
set DOCKER_TLS_VERIFY=1
# Precise the Docker Host IP and port, the TLS default is 2376
set DOCKER_HOST=tcp://*<docker_host_IP>*:2376
# The paths to the certificate and client key needed to authenticate to the daemon
# You should have 3 files in this directory : ca.pem, cert.pem and key.pem
# In my case the default path looks like :
set DOCKER_CERT_PATH=C:\Users\*<username>*\.docker\machine\machines\default
#the name of your Docker Host VM :
set DOCKER_MACHINE_NAME=default
The docker documentation about TLS configuration :
https://docs.docker.com/articles/https/
I hope it helps ;)

Close the virtual machine from Virtual Box (you don't have to delete it)
Close Kitematic
Close Docker Quickstart Terminal
Now do this in-order:
Open Kitematic
Open Docker Quickstart Terminal
Its important not to open Docker Quickstart Terminal before Kitematic, as Kitematic will initialize things for Docker Quickstart Terminal
I didn't need to execute any command line..
I hope this will help some body..

I too had the same problem, but I was able to solve it without having to type anything on the command line, it just worked out of the box.
It turns out a few initialization steps were missing, as pointed out in the accepted answer above. Why wasn't the default Docker installation already doing this? I also had missing certs. So, I uninstalled everything and restarted from scratch. However, after the installation completed, this time around do not open the Docker Quick Start terminal first, open Kitematic instead to do the first initialization for you.
Kitematic created the certs for me, set the missing env variables and then I opened the Docker Quick Start terminal. I typed docker run hello-world, then docker version and this time it worked as expected, no error messages.
Note that this didn't work when I opened the Quick Start terminal first.
I'm testing Docker inside VMWare 10 instances and I was able to duplicate this problem and its solution (workaround) in every case.
I hope this helps.

I fixed my issue by simply Removing the default VM in the VirtualBox manager, rebooting PC (just in case), and then re-running Docker Quickstart Terminal. That's it.
Docker 1.8.2 and Virtual Box 5.0.4

Update to the latest virtual box above 5.0.3
Restart the system
open virtual box and remove the default virtual machine
open the docker quick start terminal
run docker run hello-world
And you are done.

Delete and remove all old v.machines on your laptop:
1. Open VirtualBox, right click on 'default', Remove, 'Delete All files'.
2. Command Prompt (Run as Admin)> docker-machine rm default
Uninstall Virtualbox, Docker toolbox and Git.
Navigate to c:\Users\Vinita, and delete dirs. .docker and .Virtualbox
CClean files and registry.
Reboot.
Cleaning is done.
I. Download latest version of Docker tools for windows (1.10.2) from Docker Toolbox
Right click on the downloaded file and 'Run as administrator'
This will install - Docker Quickstart, Kitematic and Virtualbox.
II. Download latest test build of VirtualBox (5.01.15-105696-win.exe) from
Testbuilds – Oracle VM VirtualBox . Run as Administrator again.
(You can ignore any warnings and overwrite on the already Docker-installed VirtualBox).
So far, Nothing out of the ordinary. We just installed the software with Admin rights.
Now, Control Panel>Network and Sharing Center>Change adapter settings:
Right click VirtualBox Host-Only Network #2 for Properties.
Check> VirtualBox NDIS6 Bridged Networking Driver.
(If it is already checked, uncheck and check again.)
You are done. This is the only fix that we have employed!
Both Kitematic and Docker Quickstart should work now.
Right click on Kitematic and Run as admin the first time.
Tested on Windows 10.

I encountered exactly the same error when I run docker images after a system reboot. I used docker version 1.10 on Windows 7 64 bits with virtualbox 5.0.10 and mintty(the terminal come with Git for Windows)
Executing docker-machine ls showed me the virtual machine is in Timeout state.
$ docker-machine ls
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default virtualbox Timeout
So I restarted the virtual machine
$ docker-machine restart default
Then list the status again told me the cert is bound to an incorrect address:
$ docker-machine ls
Unable to query docker version: Get https://192.168.56.101:2376/v1.15/version: x509: certificate is valid for 192.168.99.101, not 192.168.56.101
Then I regenerate the cert
$ docker-machine regenerate-certs default
and finally
$ eval $(docker-machine env default --shell=bash)
Then docker is working again!

With Docker 1.8.1d had the same problem, having uninstalled 1.8.1c. Eventually fixed problem by installing latest Virtual Box (5.0.18), rebooting when prompted and starting Kitematic. Kitematic fails at first and offers option to remove and re-install the VM which I did. After that my QuickStart Terminal was OK.

It sounds like the problem with virtual box,
In my case, I have performed below steps to resolve the issue
Stop Docker machine by 'docker-machine stop'
Open Network and sharing Center in Windows OS
Click on Change Adapter settings
Disable the VirtualBox-Host Only Network
Start Docker machine by 'docker-machine start'

I had the same issue with Docker Toolbox on Windows 10 Home. The steps to fix the problem from here:
run docker-machine ls to get a list, you should probably see this:
NAME ACTIVE DRIVER STATE URL SWARM DOCKER ERRORS
default - virtualbox Stopped Unknown
Optional step upgrading (be patient):
docker-machine upgrade
restart the default:
docker-machine start default
don't worry if says:
Machine "default" is already running.
now you should be able to run docker version and see something like:
Client:
Version: 19.03.1
API version: 1.40
Go version: go1.12.7
Git commit: 74b1e89e8a
Built: Wed Jul 31 15:18:18 2019
OS/Arch: windows/amd64
Experimental: false
Server: Docker Engine - Community
Engine:
Version: 19.03.5
API version: 1.40 (minimum version 1.12)
Go version: go1.12.12
Git commit: 633a0ea838
Built: Wed Nov 13 07:28:45 2019
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.2.10
GitCommit: b34a5c8af56e510852c35414db4c1f4fa6172339
runc:
Version: 1.0.0-rc8+dev
GitCommit: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
docker-init:
Version: 0.18.0
GitCommit: fec3683

This has happened a few times for me on Windows 10 with VirtualBox 5.0.14.
It seems to be related with not shutting down VirtualBox correctly (I believe) - for example, a power cut!
Shutdown the Docker VM
Close Kitematic
Start the Docker Quickstart Terminal
Type in the terminal:
docker-machine.exe -D ls
Start Kitematic. VM's show up now.
If that does not work, try 1-3 again and this time try to regenerate
certs. Then do step 4.
One thing that is odd, is that in the terminal docker images does not list them but says it cannot connect to 127.0.0.1:2375 (but docker-machine ls shows the default machine running on 192.168.99.100:2376).

Just recreate the default machine, and then run
docker-machine env default
It works for me.

if you are using docker for windows(beta) follow this steps:
Disable the "DockerNAT" network adapter
Run the "Reset to factory defaults" via the taskbar / docker / settings / Reset to factory defaults"

On my non-virtual machine, I got same error. Below steps worked for me
Right click docker->Under Settings->General do you have Expose daemon on tcp://localhost:2375 without TLS enabled? You need to if you want to access the daemon as described. But please do keep in mind that this setting is insecure as explained in the warning.

My issue was "...error getting IP address" Thanks to all the people here who have contributed their solutions which I read through and performed these steps:
Close Docker
Open VirtualBox Manager
Delete default VM
Start Kitematic first (I think this is important)
Start Docker

Network timed out while trying to connect to https://index.docker.io

I installed Docker-Toolbox just now while following their webpage
I started with Docker QuickStart Terminal and see following
## .
## ## ## ==
## ## ## ## ## ===
/"""""""""""""""""\___/ ===
~~~ {~~ ~~~~ ~~~ ~~~~ ~~~ ~ / ===- ~~~
\______ o __/
\ \ __/
\____\_______/
docker is configured to use the default machine with IP 192.168.99.100
For help getting started, check out the docs at https://docs.docker.com
bash-3.2$
But when I try to perform docker pull hello-world, this is what I see
bash-3.2$ docker run hello-world
Unable to find image 'hello-world:latest' locally
Pulling repository docker.io/library/hello-world
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/hello-world/images. You may want to check your internet connection or if you are behind a proxy.
bash-3.2$
What's wrong?

I had the same problem this morning and the following fixed it for me:
$ docker-machine restart default # Restart the environment
$ eval $(docker-machine env default) # Refresh your environment settings
It appears that this is due to the Docker virtual machine getting itself into a strange state. There is an open github issue here

I installed Docker without the Toolbox on Windows 10, so the version that requires Hyper-V to be enabled.
For Docker version 1.12 I had to go into the taskbar, right click the Docker Icon, select Settings -> Network and set the DNS Server to fixed, so that is uses Google's DNS server at 8.8.8.8.
Once that setting was changed, it finally worked.

The simpler solution is to add the following entry in /etc/default/docker file
export http_proxy="http://HOST:PORT/"
and restart the docker service
service docker restart

Update August 2016
Using Docker for Mac (version 1.12.0), was seeing issues of the form:
➜ docker pull node
Using default tag: latest
Pulling repository docker.io/library/node
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/node/images. You may want to check your internet connection or if you are behind a proxy.`enter code here`
This was resolved by updating my MacBook Pro wireless network settings to include the following DNS entry: 8.8.8.8
For further info, please see this (dated) issue which provided the answer given here.

I ran into this problem running Docker on my MAC(host) with Docker VM in VBOX 5.10. It is a networking issue. The simple fix is to add a bridged network to the VBOX image. You can use the included NAT config present with the VM, but you need to change the ssh port from 50375 to 2375.

sudo service docker stop
sudo service docker start
works for me..
somehow, sudo service docker restart didn't work
(RHEL7)

On Windows 7 and if you believe you are behind proxy
Logon to default machine
$ docker-machine ssh default
Update profile to update proxy settings
docker#default:~$ sudo vi /var/lib/boot2docker/profile
Append from the below as appropriate
# replace with your office's proxy environment
export"HTTP_PROXY=http://PROXY:PORT"
export"HTTPS_PROXY=http://PROXY:PORT"
# you can add more no_proxy with your environment.
export"NO_PROXY=192.168.99.*,*.local,169.254/16,*.example.com,192.168.59.*"
Exit
docker#default:~$ exit
Restart docker machine
docker-machine restart default
Update environment settings
eval $(docker-machine env default)
Above steps are slightly tweaked but as given in troubleshooting guide: https://docs.docker.com/toolbox/faqs/troubleshoot/#/update-varlibboot2dockerprofile-on-the-docker-machine

I ran into this exact same problem yesterday and none of the "popular" answers (like fixing DNS to 8.8.8.8) worked for me. I eventually happened across this link, and that did the trick ... https://github.com/docker/for-win/issues/16
Between Docker for Windows, Windows 10 and Hyper-V, there seems to be a problem during the virtual network adapter creation process. Specifically, you might end up with two "vEthernet (DockerNAT)" network adapters. Check this with Get-NetAdapter "vEthernet (DockerNAT)" (in an elevated PowerShell console). If the result shows more than one adapter, you can disable and rename it with:
$vmNetAdapter = Get-VMNetworkAdapter -ManagementOS -SwitchName DockerNAT
Get-NetAdapter "vEthernet (DockerNAT)" | ? { $_.DeviceID -ne $vmNetAdapter.DeviceID } | Disable-NetAdapter -Confirm:$False -PassThru | Rename-NetAdapter -NewName "OLD"
Then open up Device Manager and delete the disabled adapter (for some reason you can do this from here, but not from the Network and Sharing Center adapters view).

I assume that you have a network problem. Are you behind a proxy? Is it possible that it filters the connection to docker.io or blocks the docker user agent?
I installed the toolbox and ran your test. It works fine, here:
docker is configured to use the default machine with IP 192.168.99.101
For help getting started, check out the docs at https://docs.docker.com
bash-3.2$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
535020c3e8ad: Pull complete
af340544ed62: Already exists
library/hello-world:latest: The image you are pulling has been verified. Important: image verification is a tech preview feature and should not be relied on to provide security.
Digest: sha256:d5fbd996e6562438f7ea5389d7da867fe58e04d581810e230df4cc073271ea52
Status: Downloaded newer image for hello-world:latest
Hello from Docker.
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash
Share images, automate workflows, and more with a free Docker Hub account:
https://hub.docker.com
For more examples and ideas, visit:
https://docs.docker.com/userguide/
bash-3.2$

On Windows 10. Just right-click on the systray docker icon-> Settings... -> Rest -> Restrart Docker

I had this same problem with boot2docker and fixed it by restarting it with:
boot2docker restart

I just ran into this today with 1.10.1 and none of the existing solutions worked. I tried to restart, upgrade, regenerate certs, ...
I noticed that I had a lot of networks created on the machine. After removing them with:
docker network ls | grep bridge | awk '{print $1}' | xargs -n1 docker network rm
The DNS started working again.
Note: You may ignore errors about pre-defined networks

If you are behind proxy it is not enough to set HTTP_PROXY and HTTPS_PROXY env. You should set it while machine creation.
Paramer for this is --engine-env:
docker-machine create -d "virtualbox" --engine-env HTTP_PROXY=http://<PROXY>:<PORT> --engine-env HTTPS_PROXY=<PROXY>:<PORT> dev

In my case, installing docker on Alpine Linux I get the error:
Network timed out while trying to connect to https://index.docker.io/v1/repositories/library/........
Using the script here:
https://github.com/docker/docker/blob/master/contrib/download-frozen-image-v2.sh
Works. It downloads the image using curl and then shows you how to untar and 'docker load' it.
I tried the above methods of static DNS at 8.8.8.8 and disabling ipv6 (I didn't understand the proxy thing) and none of them worked for me.
EDIT 9/8/2016:
I was initially using dropbear instead of openssh. Reinstalled Alpine with openssh fixed the problem.
The next problem was 'ApplyLayer exit status 1 stdout: stderr: chmod /bin/mount: permission denied' error during pull.
From (nixaid.com/grsec-in-docker/):
To build the Docker image, I had to disable the following grsec
protections. Modify the /etc/sysctl.d/grsec.conf as follows:
kernel.grsecurity.chroot_deny_chmod = 0
kernel.grsecurity.chroot_deny_mknod = 0
kernel.grsecurity.chroot_caps = 0 # related to a systemd package/CAP_SETFCAP
in alpine's case though it's
/etc/sysctl.d/00-alpine.conf
reboot

Restarting Docker or recreating the image did not help. I rebooted Windows to no avail.
Astoundingly, when I ssh'ed into the running container and did curl https://index.docker.io/v1/repositories/library/hello-world/images I got a perfectly valid response.
I used the Docker Toolbox with VirtualBox on 64bit Windows 10 Pro.
The solution in my case was to uninstall the old Docker version and install the new one that uses Hyper-V instead of VirtualBox.
Now Docker works again.

If you are behind proxy kindly use below commands
sudo mkdir /etc/systemd/system/docker.service.d
sudo cd /etc/systemd/system/docker.service.d
sudo vi http-proxy.conf
[Service]
Environment=HTTP_PROXY=http://proxy-server-ip:port" "NO_PROXY=localhost,127.0.0.1"
sudo systemctl daemon-reload
sudo systemctl show --property=Environment docker
sudo systemctl restart docker
Try this if you can fetch latest ubuntu
sudo docker run -it ubuntu bash
Unable to find image ubuntu:latest locally
latest: Pulling from library/ubuntu b3e1c725a85f: Pull complete
4daad8bdde31: Pull complete
63fe8c0068a8: Pull complete
4a70713c436f: Pull complete
bd842a2105a8: Pull complete
Digest:
sha256:7a64bc9c8843b0a8c8b8a7e4715b7615e4e1b0d8ca3c7e7a76ec8250899c397a
Status: Downloaded newer image for ubuntu:latest
It worked for me finally :)

Another scenario: if your docker network adapter is disabled, it will fail with this error. The adapter is named "vEthernet (DockerNAT)" or similar. Apparently this adapter is involved somehow in the normal docker pull behavior. Enable it back to solve the problem.

Create a systemd drop-in directory for the docker service:
$ sudo mkdir -p /etc/systemd/system/docker.service.d
Create a file called /etc/systemd/system/docker.service.d/http-proxy.conf that adds the HTTP_PROXY environment variable:
[Service]
Environment="HTTP_PROXY=http://proxy.example.com:80/"
Hope it helps

refer to https://docs.docker.com/network/proxy/
for me, proxy setting without http:// or https:// prefix works.
e.g:
PROXY:PORT
or with / suffix with http:// or https:// prefix
e.:
http://PROXY:PORT/

On Windows this happened when I moved from a work network to a home network.
To solve it, run:
docker-machine stop
docker-machine start
docker-env
"C:\Program Files\Docker Toolbox\docker-machine.exe" env | Invoke-Expression