Docker Community Forums

Share and learn in the Docker community.

Certificate problems on docker image for rpi (alpine)

General Discussions
,
#1

I’m trying to build GitHub - kylemanna/docker-openvpn: 🔒 OpenVPN server in a Docker container complete with an EasyRSA PKI CA on my raspberry. I tried it on 2 raspberries in different internet connections and I get the same error:

pi@raspberrypi:~/docker-openvpn $ sudo docker build -t openvpn .
Sending build context to Docker daemon  598.5kB
Step 1/14 : FROM alpine:latest
 ---> 6ecc03ee95e9
Step 2/14 : LABEL maintainer="Kyle Manna <kyle@kylemanna.com>"
 ---> Using cache
 ---> bb2d2f08fbd2
Step 3/14 : RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories &&     apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester &&     ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin &&     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*
 ---> Running in c27781ff6d02
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/main/armv7/APKINDEX.tar.gz
1996104592:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
1996104592:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
1996104592:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
1996104592:error:0D0D90AD:asn1 encoding routines:ASN1_TIME_adj:error getting time:crypto/asn1/a_time.c:330:
1996104592:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:1913:
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.13/main: Permission denied
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/main: No such file or directory
fetch https://dl-cdn.alpinelinux.org/alpine/v3.13/community/armv7/APKINDEX.tar.gz
ERROR: https://dl-cdn.alpinelinux.org/alpine/v3.13/community: temporary error (try again later)
WARNING: Ignoring https://dl-cdn.alpinelinux.org/alpine/v3.13/community: No such file or directory
fetch http://dl-cdn.alpinelinux.org/alpine/edge/testing/armv7/APKINDEX.tar.gz
ERROR: unable to select packages:
  bash (no such package):
    required by: world[bash]
  easy-rsa (no such package):
    required by: world[easy-rsa]
  google-authenticator (no such package):
    required by: world[google-authenticator]
  iptables (no such package):
    required by: world[iptables]
  openvpn (no such package):
    required by: world[openvpn]
  openvpn-auth-pam (no such package):
    required by: world[openvpn-auth-pam]
  linux-pam (no such package):
    required by: pamtester-0.1.2-r2[linux-pam]
  so:libpam.so.0 (no such package):
    required by: pamtester-0.1.2-r2[so:libpam.so.0]
  so:libpam_misc.so.0 (no such package):
    required by: pamtester-0.1.2-r2[so:libpam_misc.so.0]
The command '/bin/sh -c echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing/" >> /etc/apk/repositories &&     apk add --update openvpn iptables bash easy-rsa openvpn-auth-pam google-authenticator pamtester &&     ln -s /usr/share/easy-rsa/easyrsa /usr/local/bin &&     rm -rf /tmp/* /var/tmp/* /var/cache/apk/* /var/cache/distfiles/*' returned a non-zero code: 10

Something is happening in alpine repositories adding

How can I solve this?

#2

I was having this issue in an ARM Ubuntu 20.04 container.

I installed ca-certificates and curl, but I still couldn’t use curl. For me the fix ended up being adding the following before calling curl:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt