"server certificate verification failed" with ssl certificate from Let's Encrypt

[loraine-gueguen]

Hi Anthony and Helena,

We use the v2.x image from quay.io. We have the following error message when cloning the tripal theme from our gitlab repository (https://gitlab.sb-roscoff.fr/abims/e-infra/tripal_abims) that has a Let's Encrypt certificate (recently added):

lgueguen@docker-ci:/tmp$ docker run -it quay.io/galaxy-genome-annotation/tripal:v2.x /bin/bash
root@d7b95a327675:/var/www/html# git clone https://gitlab.sb-roscoff.fr/abims/e-infra/tripal_abims
Cloning into 'tripal_abims'...
fatal: unable to access 'https://gitlab.sb-roscoff.fr/abims/e-infra/tripal_abims/': server certificate verification failed. CAfile: none CRLfile: none

The package ca-certificates (and its dependencies) needs to be upgraded to fix this issue. The git clone is fine inside a container run from the image built with the following Dockerfile:

FROM quay.io/galaxy-genome-annotation/tripal:v2.x
RUN apt-get update && apt-get install ca-certificates openssl libgnutls30

Would it be possible to update the images available on quay.io ?

Best, Loraine

[hexylena]

I've touched the master branch, let's see if that triggers a rebuild.

[abretaud]

Looking into it: the base image is no more maintained (because php 7.1 reached its EOL). For now I'm adding an apt-get upgrade in the Dockerfile, but we should switch to a newer php version probably (:fearful:)

[loraine-gueguen]

ok. Tell me and @rdallet if we can help!

[abretaud]

The 2.x image is built now, could you test it? The 3.x image is building

[rdallet]

2.x tested. Everything is good.

[abretaud]

Wonderful!