This error occurs when Docker cannot find the specified image tag in the container registry. The most common cause is requesting a tag that doesn't exist, such as a typo in the version number or using 'latest' when it was never pushed.
When you run `docker pull` or `docker run`, Docker contacts the container registry (like Docker Hub) to fetch the image manifest. The manifest is a JSON file that describes the image layers, configuration, and supported platforms. This error means the registry returned "manifest unknown" - indicating that no manifest exists for the specific image:tag combination you requested. In the example `nginx:nonexistent`, Docker found the `nginx` repository but there's no tag called `nonexistent`. The error format typically looks like: ``` Error response from daemon: manifest for <image>:<tag> not found: manifest unknown: manifest unknown ``` This is one of the most common Docker errors, usually caused by a simple typo or requesting a tag that was never published.
The first step is to verify which tags actually exist for the image.
For official Docker Hub images, visit:
https://hub.docker.com/_/<image-name>/tagsFor example, for nginx: https://hub.docker.com/_/nginx/tags
For user/organization images, visit:
https://hub.docker.com/r/<username>/<image-name>/tagsUsing the command line:
# List tags via Docker Hub API (official images)
curl -s "https://registry.hub.docker.com/v2/repositories/library/nginx/tags?page_size=100" | jq -r '.results[].name'
# List tags for user images
curl -s "https://registry.hub.docker.com/v2/repositories/username/myimage/tags?page_size=100" | jq -r '.results[].name'Review your image:tag for common mistakes:
# Version number typos
docker pull ubuntu:20.4 # WRONG - should be 20.04
docker pull node:18.0 # WRONG - should be 18 or 18.0.0
docker pull python:3.10 # CORRECT - but 3.1 and 3.10 are different!
# Spelling mistakes
docker pull nginx:latests # WRONG - should be latest
docker pull nginx:alpnie # WRONG - should be alpine
docker pull nginx:mainlne # WRONG - should be mainline
# Case sensitivity
docker pull nginx:Alpine # WRONG - should be alpine (lowercase)Docker tags are case-sensitive. Always double-check the exact tag name from the registry.
Many images do not have a latest tag. When no tag is specified, Docker defaults to latest, which may not exist.
# These may fail if 'latest' doesn't exist
docker pull kibana # Implicitly uses :latest
docker pull kibana:latest # Explicitly uses :latest
# Use specific versions instead
docker pull kibana:8.11.3 # CORRECT - use actual version
docker pull elasticsearch:8.11.3Images commonly without a 'latest' tag:
- Elasticsearch and Kibana
- Hyperledger Fabric images
- Some Microsoft images
- Many enterprise software images
Always check the registry for available tags rather than assuming latest exists.
Some popular images have been renamed or moved to new namespaces:
# Deprecated images that will fail
docker pull jenkins:latest # Deprecated
docker pull microsoft/dotnet:latest # Moved to MCR
# Correct alternatives
docker pull jenkins/jenkins:lts
docker pull mcr.microsoft.com/dotnet/aspnet:8.0Check for similar image names:
# Search Docker Hub
docker search nginx
# These are different images!
docker pull nginx # Official nginx
docker pull nginxinc/nginx # Nginx Inc's image
docker pull bitnami/nginx # Bitnami's nginxRead the image's Docker Hub page for deprecation notices.
If the tag exists but doesn't support your platform (e.g., ARM vs x86), you'll get a manifest error.
# Check what platforms an image supports
docker manifest inspect nginx:alpine
# Pull for a specific platform
docker pull --platform linux/amd64 nginx:alpine
docker pull --platform linux/arm64 nginx:alpineThis is common on:
- Apple Silicon Macs (arm64)
- Raspberry Pi and ARM servers
- Windows ARM devices
If your platform isn't supported, you may need to find an alternative image or build your own.
For private registries, authentication failures sometimes appear as "manifest not found" errors.
# Log in to Docker Hub
docker login
# Log in to a private registry
docker login registry.example.com
# Log in to GitHub Container Registry
docker login ghcr.io -u USERNAME -p YOUR_PAT
# Log in to AWS ECR
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 123456789012.dkr.ecr.us-east-1.amazonaws.comAfter logging in, retry the pull. If the image is private, ensure you have read access to the repository.
Ensure you're pulling from the correct registry:
# Docker Hub (default)
docker pull nginx:alpine
docker pull docker.io/library/nginx:alpine
# GitHub Container Registry (new)
docker pull ghcr.io/owner/image:tag
# GitHub Packages (deprecated - may fail!)
docker pull docker.pkg.github.com/owner/repo/image:tag # DEPRECATED
# Amazon ECR
docker pull 123456789012.dkr.ecr.us-east-1.amazonaws.com/myimage:tag
# Google Container Registry
docker pull gcr.io/project-id/image:tag
# Azure Container Registry
docker pull myregistry.azurecr.io/image:tagIf using GitHub packages, migrate from docker.pkg.github.com to ghcr.io.
### Understanding Docker Image Tags
Tags are mutable labels pointing to specific image digests. The same tag can point to different images over time (e.g., latest changes with each release).
For reproducible builds, use immutable SHA256 digests:
# Pull by digest (immutable)
docker pull nginx@sha256:6926dd802f40e5e7257fded83e0d8030039642e4e10c4a98a6478e9c6f0a6f63
# Get the digest for a tag
docker inspect --format='{{index .RepoDigests 0}}' nginx:alpine### Listing All Tags with skopeo
For advanced tag inspection, use skopeo:
# Install skopeo
# Ubuntu/Debian: apt install skopeo
# macOS: brew install skopeo
# List all tags
skopeo list-tags docker://nginx
# Inspect image without pulling
skopeo inspect docker://nginx:alpine### Registry API Direct Queries
Query the Docker Registry HTTP API directly:
# Get auth token (for Docker Hub)
TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/nginx:pull" | jq -r .token)
# List tags
curl -s -H "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/library/nginx/tags/list" | jq
# Check if specific tag exists
curl -sI -H "Authorization: Bearer $TOKEN" "https://registry-1.docker.io/v2/library/nginx/manifests/alpine"
# 200 = exists, 404 = not found### Multi-Architecture Manifests
Modern images use manifest lists (fat manifests) for multi-arch support:
# View manifest list
docker manifest inspect nginx:alpine
# Create your own multi-arch manifest
docker manifest create myimage:latest \
myimage:amd64 \
myimage:arm64
docker manifest push myimage:latest### Rate Limiting on Docker Hub
Docker Hub limits pulls for anonymous and free users. Rate limit errors can sometimes appear confusing. Check your status:
TOKEN=$(curl -s "https://auth.docker.io/token?service=registry.docker.io&scope=repository:library/nginx:pull" | jq -r .token)
curl -sI -H "Authorization: Bearer $TOKEN" https://registry-1.docker.io/v2/library/nginx/manifests/latest 2>&1 | grep -i ratelimitTo avoid rate limits:
- Log in to Docker Hub (authenticated users get higher limits)
- Use a Docker Hub mirror
- Cache images locally with a registry mirror
dockerfile parse error line 5: unknown instruction: RRUN
How to fix 'unknown instruction' Dockerfile parse error in Docker
Error response from daemon: invalid reference format: repository name must be lowercase
How to fix 'repository name must be lowercase' in Docker
Error response from daemon: No such image
How to fix 'No such image' in Docker
Error response from daemon: Container is not running
How to fix 'Container is not running' when using docker exec
the input device is not a TTY
How to fix 'the input device is not a TTY' in Docker