Open
Description
Environment
- Platform: Linux
- Docker Version: 25.0.3
- Node.js Version: 20.12.0
- Image Tag: 20-alpine
This issue can happen in any Docker image.
Expected Behavior
Any request to a valid HTTPS URL with a valid certificate should return with no SSL/TLS issues.
Current Behavior
Requesting any website with a recently updated HTTPS certificate issued from a recently updated root CA will fail.
Possible Solution
Include the appropriate command to update the certificates in the Dockerfiles.
E.g.: apk add --upgrade --no-cache ca-certificates-bundle for the Alpine images.
Running this command in the latest node:20-alpine image as root will yield:
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.19/community/x86_64/APKINDEX.tar.gz
(1/1) Upgrading ca-certificates-bundle (20230506-r0 -> 20240226-r0)
OK: 10 MiB in 17 packages
This is my current workaround for this issue; it would be awesome to have this baked into the official images.
Steps to Reproduce
- Given this command:
docker run --rm -it node:20-alpine node -e 'const https=require("node:https");https.get("{URL}",(r)=>console.log(r.statusCode)).on("error",(e)=>console.error(e)) ;'
- Replace {URL} with a website where the certificate was issued recently and the root for it is in the newly updated bundle but not in the previous bundle.
- Run the command
Additional Information
- Updating the base image might also give the desired result but is not as good as actually updating the certificates.
- Sadly, I can't share the actual URL where I've caught this issue and couldn't find another one to better illustrate the test case. What I can say is that it is using a GoDaddy-issued certificate that was issued yesterday (2024-03-31).