diff --git a/CHANGELOG.md b/CHANGELOG.md
index db99c39eb303..a50579b01e37 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,9 @@ IMPROVEMENTS:
  * env: Default interpolation of optional meta fields of parameterized jobs to
    an empty string rather than the field key. [[GH-3720](https://github.com/hashicorp/nomad/issues/3720)]
 
+BUG FIXES:
+ * driver/docker: Fix docker credential helper support [[GH-4266](https://github.com/hashicorp/nomad/issues/4266)]
+
 ## 0.8.3 (April 27, 2018)
 
 BUG FIXES:
diff --git a/client/driver/docker.go b/client/driver/docker.go
index cc31e547eae3..2e7c9b440d56 100644
--- a/client/driver/docker.go
+++ b/client/driver/docker.go
@@ -2130,13 +2130,15 @@ func authFromHelper(helperName string) authBackend {
 		helper := dockerAuthHelperPrefix + helperName
 		cmd := exec.Command(helper, "get")
 
-		// Ensure that the HTTPs prefix exists
-		if !strings.HasPrefix(repo, "https://") {
-			repo = fmt.Sprintf("https://%s", repo)
+		repoParsed, err := reference.ParseNamed(repo)
+		if err != nil {
+			return nil, err
 		}
 
-		cmd.Stdin = strings.NewReader(repo)
+		// Ensure that the HTTPs prefix exists
+		repoAddr := fmt.Sprintf("https://%s", repoParsed.Hostname())
 
+		cmd.Stdin = strings.NewReader(repoAddr)
 		output, err := cmd.Output()
 		if err != nil {
 			switch err.(type) {
diff --git a/client/driver/docker_linux_test.go b/client/driver/docker_linux_test.go
new file mode 100644
index 000000000000..4c68799ec45b
--- /dev/null
+++ b/client/driver/docker_linux_test.go
@@ -0,0 +1,41 @@
+package driver
+
+import (
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestDockerDriver_authFromHelper(t *testing.T) {
+	dir, err := ioutil.TempDir("", "test-docker-driver_authfromhelper")
+	require.NoError(t, err)
+	defer os.RemoveAll(dir)
+	helperPayload := "{\"Username\":\"hashi\",\"Secret\":\"nomad\"}"
+	helperContent := []byte(fmt.Sprintf("#!/bin/sh\ncat > %s/helper-$1.out;echo '%s'", dir, helperPayload))
+
+	helperFile := filepath.Join(dir, "docker-credential-testnomad")
+	err = ioutil.WriteFile(helperFile, helperContent, 0777)
+	require.NoError(t, err)
+
+	path := os.Getenv("PATH")
+	os.Setenv("PATH", fmt.Sprintf("%s:%s", path, dir))
+	defer os.Setenv("PATH", path)
+
+	helper := authFromHelper("testnomad")
+	creds, err := helper("registry.local:5000/repo/image")
+	require.NoError(t, err)
+	require.NotNil(t, creds)
+	require.Equal(t, "hashi", creds.Username)
+	require.Equal(t, "nomad", creds.Password)
+
+	if _, err := os.Stat(filepath.Join(dir, "helper-get.out")); os.IsNotExist(err) {
+		t.Fatalf("Expected helper-get.out to exist")
+	}
+	content, err := ioutil.ReadFile(filepath.Join(dir, "helper-get.out"))
+	require.NoError(t, err)
+	require.Equal(t, []byte("https://registry.local:5000"), content)
+}