[Bug] Docker CA Certs are outdated
shrik450 opened this issue · 6 comments
Description of the bug
The certs in the docker image are out of date and fail to connect to a WebDAV server that is using a cert based on a newer root cert. This affected my setup using caddy-webdav, which used a Let's Encrypt cert signed on Feb 1. Updating the ca-certs in the image using apt-get install ca-certificates resolved this.
Step by step instructions to reproduce the bug
- Set up a webdav server, maybe using caddy-webdav
- Attempt to connect to the webdav server
Can you replicate that error from the demo?
Haven't tried; I don't want to submit my WebDAV credentials on another site.
Observed behavior
Connection fails with this log line:
SYST DEBUG session::auth 'GetHome' Propfind "<host>": x509: certificate signed by unknown authority
Expected behavior
Connection should succeed.
I recently had the same issue connecting to my Digital Ocean instance, exact same error:
2024/03/10 03:02:13 SYST DEBUG session::auth 'GetHome' RequestError: send request failed
caused by: Get "https://syd1.digitaloceanspaces.com/": x509: certificate signed by unknown authority
In the meantime, for others stumbling across this problem, do the following to update the CA Certificates:
- Sign into your Filestash container:
  docker exec --user root -it YOURCONTAINERIDHERE bash
- Install CA Certs:
  apt-get install ca-certificates
- Update the Certs with this command:
  update-ca-certificates -f
- Restart the docker container, otherwise it still reads the old certs.
Thanks @shrik450 for sharing your temporary solution, I thought I'd extend on it to help others. Have a great day.
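The failure mode in this thread, reproduced offline as an added example (not code from the thread or from the Filestash project): a trust bundle that lacks the newer root rejects a certificate issued under it, and the refreshed bundle accepts it. The CA names, the host name webdav.example.test and all keys are constructed for the demo, and it uses openssl verify rather than the Go verifier that produced the logged error.

```shell
#!/bin/sh
# Added example: every key and certificate below is constructed locally and discarded.
set -eu

make_root() {  # $1 = file prefix, $2 = subject CN; writes $1.key and $1.pem
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = leaf prefix, $2 = prefix of the issuing root
    openssl req -newkey rsa:2048 -nodes -subj "/CN=webdav.example.test" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 30 -out "$1.pem" 2>/dev/null
}

# Succeeds only if the certificate ($2) chains to a root in the bundle ($1).
# The constructed roots are in no system store, so only the bundle decides.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

verdict() {  # prints "trusted" or "rejected" for bundle $1 and certificate $2
    if trusts "$1" "$2"; then echo trusted; else echo rejected; fi
}

demo() {
    dir=$(mktemp -d)
    make_root "$dir/old-root" "Constructed Old Root"
    make_root "$dir/new-root" "Constructed New Root"
    make_leaf "$dir/server" "$dir/new-root"   # server cert issued under the newer root

    # Stale bundle: what an image with outdated CA certs would carry.
    cp "$dir/old-root.pem" "$dir/stale-bundle.pem"
    # Fresh bundle: the same store after the newer root has been added.
    cat "$dir/old-root.pem" "$dir/new-root.pem" > "$dir/fresh-bundle.pem"

    echo "stale=$(verdict "$dir/stale-bundle.pem" "$dir/server.pem")" \
         "fresh=$(verdict "$dir/fresh-bundle.pem" "$dir/server.pem")"
    rm -rf "$dir"
}

demo
```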
I would not suggest doing this via shell in a docker container - you're kind of defeating the point of using docker in the first place, as you could replace that with the binary and required dependencies. Instead, add the install to the Dockerfile in this repo and use that to build the image again, which will help you if you need to rebuild or redeploy later.
Depends on your requirements of course, I am sure other experienced software developers understand the limitations of my solution for their intents and purposes. Thanks again and all the best @shrik450.
Can you replicate that on the latest image?
I can confirm the problem is still persisting. If you require further debugging I am happy to make myself available to help out.