Failed to connect to download.docker.com port 443: Connection timed out

[root@master ~]# dnf -y update
Manticore Repository 5.2 kB/s | 3.0 kB 00:00
Manticore Repository 71 kB/s | 121 kB 00:01
Docker CE Stable - aarch64 0.0 B/s | 0 B 01:00
Errors during downloading metadata for repository ‘docker-ce-stable’:

  • Curl error (28): Timeout was reached for https://download.docker.com/linux/centos/9/aarch64/stable/repodata/repomd.xml [Failed to connect to download.docker.com port 443: Connection timed out]
    Error: Failed to download metadata for repo ‘docker-ce-stable’: Cannot download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
    [root@master ~]#
    [root@node1 ~]# dnf -y update
    Rocky Linux 9 - BaseOS 3.9 kB/s | 4.1 kB 00:01
    Rocky Linux 9 - BaseOS 937 kB/s | 2.3 MB 00:02
    Rocky Linux 9 - AppStream 4.5 kB/s | 4.5 kB 00:00
    Rocky Linux 9 - AppStream 4.4 MB/s | 7.0 MB 00:01
    Rocky Linux 9 - Extras 22 kB/s | 2.9 kB 00:00
    Rocky Linux 9 - Extras 48 kB/s | 15 kB 00:00
    Error:
    Problem: package kmod-kvdo-8.2.3.3-117.el9.aarch64 from baseos conflicts with kernel-64k provided by kernel-64k-5.14.0-362.18.1.el9_3.0.1.aarch64 from @System
  • cannot install the best update candidate for package kmod-kvdo-8.2.1.6-102.el9_3.aarch64
  • problem with installed package kernel-64k-5.14.0-362.18.1.el9_3.0.1.aarch64
    (try to add ‘–allowerasing’ to command line to replace conflicting packages or ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)
    [root@node1 ~]#
    How can I fix it? Thanks

Did you try to manually reach it from the shell?

user@host: ~$ curl https://download.docker.com/linux/centos/9/aarch64/stable/repodata/repomd.xml

If you cannot reach it, the problem could lie on your network setup, probably the firewall.

Thanks for your help, I can reach it, how can I instead of it
[root@master ~]# curl https://download.docker.com/linux/centos/9/aarch64/stable/repodata/repomd.xml
curl: (7) Failed to connect to download.docker.com port 443: Connection refused
[root@master ~]#

So your connection gets rejected at some point. I would check the following:

  • Are you on a corporate network? If so, you should check if the firewall is blocking the connection.
  • If someone else has configured the box very restrictively, it could be your firewalld or nftables blocking it
  • Theoretically download.docker.com could be geoblocking, but I do not think they do.

Traceroute may be helpful traceroute:

[hs303@rocky ~]$ sudo traceroute -T -p 443 download.docker.com

"traceroute -T -p 443 download.docker.com " it does not work, I tried to switch different network environment, it has same result, I think it was blocked by China firewall.

[root@master ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:ab:ae:6f brd ff:ff:ff:ff:ff:ff
altname enp2s0
inet 172.16.62.200/24 brd 172.16.62.255 scope global noprefixroute ens160
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feab:ae6f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:f1:0a:09:48 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
[root@master ~]#
I found docker0 link state is down, I restart docker service but it is good, dnf update still failed

I oversaw that there is another problem. One issue being not able to connect to the docker repositories, the other one being conflicts between installed kernel module and the installed kernel.

problem with installed package kernel-64k-5.14.0-362.18.1.el9_3.0.1.aarch64
(try to add ‘–allowerasing’ to command line to replace conflicting packages or ‘–skip-broken’ to skip uninstallable packages or ‘–nobest’ to use not only best candidate packages)

So maybe to resolve this, try to omit docker updates at first and try to fix the confilcts. The above line basically tells you what are the options. You probably want to go with -allowerasing to replace the conflicting packages.

root@node1:~$ dnf --disablerepo=docker --allowerasing update

thanks for your help, I used the command “dnf --disablerepo=docker --allowerasing update”, but the issue still exists, so I disabled docker-ce.repo, and run the command again, it worked for me.

Great! If you want to use the docker repos, consider using a proxy.
The other option is to use podman instead of docker. It is natively supported in RHEL and is included in the appstream repo. To disable the docker repo permanently use dnf config-manager --set-disabled docker-ce.repo.
And please mark this topic as solved.

1 Like

Thank you for your assistance, How can I use podman?

Just install podman with:

user@rocky: ~$ sudo dnf install podman podman-compose

You can run docker containers with podman. podman uses mostly the same commands as docker. So just give it a try.
For more info refer to What is Podman? — Podman documentation.

China has been blocking Docker lately, it’s probably the word “docker” is getting censored.

Thank you a lot, I am learning how to use podman.

How can Imark this topic as solved?