Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

[arietids]

Host operating system

Raspbian

What tag are you using

5.13.29-arm32v7

What complete docker command or docker-compose.yml do you use to launch the container (omitting sensitive values)?

docker run --init --restart always -d -p 3478:3478/udp -p 8080:8080 -p 8443:8443 -p 8843:8843 -p 10001:10001/udp -e TZ='Europe/Warsaw' -v ~/unifi:/unifi --name unifi jacobalberty/unifi:5.13.29-arm32v7

What actually happens?

If using jacobalberty/unifi:5.12.72-arm32v7 no problem. After change to jacobalberty/unifi:5.13.29-arm32v7 problem with connecting to remote access, check for updates failed. In log/server.log you can see: [2020-06-26T14:24:05,540] WARN fwupdate - Cannot download latest controller version: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty [2020-06-26T14:24:07,146] WARN fwupdate - Cannot download latest controller version: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty [2020-06-26T14:24:23,265] WARN fwupdate - unable to get update info for channel RELEASE: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1924) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1907) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1423) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) ~[?:1.8.0_252] at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:175) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1-atlassian-2.jar:?] at com.ubnt.net.C.super.B.D.new(Unknown Source) ~[ace.jar:?] at com.ubnt.service.a.F.o00000(Unknown Source) [ace.jar:?] at com.ubnt.service.H.Object.ö00000(Unknown Source) [ace.jar:?] at com.ubnt.service.H.Object.ÔÖO000(Unknown Source) [ace.jar:?] at com.ubnt.service.H.o0OO.doCmd(Unknown Source) [ace.jar:?] at com.ubnt.ace.api.ApiUtils.execute(Unknown Source) [ace.jar:?] at com.ubnt.ace.api.ApiUtils.execute(Unknown Source) [ace.jar:?] at com.ubnt.service.H.Object.super(Unknown Source) [ace.jar:?] at com.ubnt.ace.api.N.o00000(Unknown Source) [ace.jar:?] at com.ubnt.ace.api.ApiServlet.service(Unknown Source) [ace.jar:?] at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) [tomcat-embed-websocket-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.51.jar:8.5.51] at com.ubnt.ace.view.AuthFilter.doFilter(Unknown Source) [ace.jar:?] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.filters.CorsFilter.handleNonCORS(CorsFilter.java:364) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.filters.CorsFilter.doFilter(CorsFilter.java:170) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:543) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:609) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:818) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1623) [tomcat-embed-core-8.5.51.jar:8.5.51] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.51.jar:8.5.51] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_252] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_252] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.51.jar:8.5.51] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252] Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.(PKIXValidator.java:104) ~[?:1.8.0_252] at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:318) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:179) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:193) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) ~[?:1.8.0_252] ... 46 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:1.8.0_252] at java.security.cert.PKIXParameters.(PKIXParameters.java:120) ~[?:1.8.0_252] at java.security.cert.PKIXBuilderParameters.(PKIXBuilderParameters.java:104) ~[?:1.8.0_252] at sun.security.validator.PKIXValidator.(PKIXValidator.java:102) ~[?:1.8.0_252] at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:318) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:179) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:193) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) ~[?:1.8.0_252] ... 46 more [2020-06-26T14:25:12,031] WARN api - failed to authenticate to SSO: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

[reibuehl]

I have a similar issue: I did a new install of jacobalberty/unifi, tag arm32v7-beta today on Armbian. The Controller does not start and in the server log I only see: [2020-07-01T22:15:24,571] <main> WARN system - reload system.properties failed: file not found [2020-07-01T22:15:24,637] <main> WARN system - reload system.properties.bk failed: file not found [2020-07-01T22:15:24,645] <main> INFO system - *** Running for the first time, creating identity *** [2020-07-01T22:15:24,648] <main> INFO system - UUID: 46d15fca-3c87-466a-b4a9-a89ec1644e7e [2020-07-01T22:15:24,650] <main> WARN system - reload system.properties failed: file not found [2020-07-01T22:15:24,651] <main> WARN system - reload system.properties.bk failed: file not found [2020-07-01T22:15:24,933] <main> INFO system - Reporter UUID: [2020-07-01T22:15:47,427] <localhost-startStop-1> INFO Version - HV000001: Hibernate Validator 6.1.2.Final [2020-07-01T22:15:50,194] <localhost-startStop-1> INFO system - ====================================================================== [2020-07-01T22:15:50,197] <localhost-startStop-1> INFO system - UniFi 5.13.29 (build atag_5.13.29_13635 - release/release) is started [2020-07-01T22:15:50,198] <localhost-startStop-1> INFO system - ====================================================================== [2020-07-01T22:15:50,209] <localhost-startStop-1> INFO system - BASE dir:/usr/lib/unifi [2020-07-01T22:15:50,644] <localhost-startStop-1> INFO system - Current System IP: 172.17.0.2 [2020-07-01T22:15:50,647] <localhost-startStop-1> INFO system - Hostname: be279b1139e5 [2020-07-01T22:15:50,648] <localhost-startStop-1> INFO system - ubic.env: prod [2020-07-01T22:15:53,305] <localhost-startStop-1> WARN system - Valid keystore is missing or invalid. Generating one ... [2020-07-01T22:15:53,307] <localhost-startStop-1> INFO system - Generating Certificate[UniFi]... please wait... [2020-07-01T22:16:09,929] <localhost-startStop-1> INFO system - Certificate[UniFi] generated! [2020-07-01T22:16:11,309] <localhost-startStop-1> INFO db - waiting for db connection... [2020-07-01T22:16:14,314] <localhost-startStop-1> INFO db - Connecting to mongodb://localhost:27117 [2020-07-01T22:16:14,535] <db-server> INFO db - 2020-07-01T20:16:14.534+0000 [2020-07-01T22:16:14,539] <db-server> INFO db - 2020-07-01T20:16:14.535+0000 warning: 32-bit servers don't have journaling enabled by default. Please use --journal if you want durability. [2020-07-01T22:16:14,549] <db-server> INFO db - 2020-07-01T20:16:14.536+0000 [2020-07-01T22:16:19,744] <localhost-startStop-1> INFO db - Connecting to mongodb://localhost:27117 [2020-07-01T22:16:23,472] <localhost-startStop-1> INFO productinfo - Using controller channel=RELEASE, firmware channel=RELEASE. Available controller channels=[RELEASE], available firmware channels=[RELEASE]. SSO is disabled. [2020-07-01T22:16:24,050] <localhost-startStop-1> WARN dev - failed to read /usr/lib/unifi/data/model_lifecycles.json - /usr/lib/unifi/data/model_lifecycles.json (No such file or directory) [2020-07-01T22:16:26,588] <localhost-startStop-1> INFO webrtc - WebRTC library version: EvoStream Media Server (www.evostream.com) build v2.9.1 - Gladiator - (built for Debian-8.2.0-armhf on 2020-02-05T23:38:32.000) OpenSSL version: 1.1.1d usrsctp version: v0.1.2 compiled on machine: Linux debian-8-2-0-64 3.16.0-6-amd64 #1 SMP Debian 3.16.57-2 (2018-07-14) x86_64 GNU/Linux [2020-07-01T22:16:32,994] <localhost-startStop-1> INFO remote - Created directory: /usr/lib/unifi/logs/remote [2020-07-01T22:16:34,877] <model-lifecycle-cache-refresh> WARN dev - failed to retrieve EOL stats from - I/O error on GET request for "https://static.ubnt.com/network/devices/lifecycle.json": java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty; nested exception is javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty [2020-07-01T22:16:36,629] <localhost-startStop-1> INFO sdn - Removed fingerbank token [2020-07-01T22:17:37,232] <autoupdate-check> WARN fwupdate - unable to get update info for channel RELEASE: javax.net.ssl.SSLException: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1967) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1924) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1907) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1423) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) ~[?:1.8.0_252] at org.apache.commons.httpclient.protocol.SSLProtocolSocketFactory.createSocket(SSLProtocolSocketFactory.java:175) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) ~[commons-httpclient-3.1-atlassian-2.jar:?] at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) ~[commons-httpclient-3.1-atlassian-2.jar:?] at com.ubnt.net.C.super.B.D.new(Unknown Source) ~[ace.jar:?] at com.ubnt.service.a.F.o00000(Unknown Source) [ace.jar:?] at com.ubnt.service.H.Object.ö00000(Unknown Source) [ace.jar:?] at com.ubnt.service.H.Object.ÔÖO000(Unknown Source) [ace.jar:?] at com.ubnt.service.system.y$4.run(Unknown Source) [ace.jar:?] at com.ubnt.ace.G$_OOo.run(Unknown Source) [ace.jar:?] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_252] at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308) [?:1.8.0_252] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180) [?:1.8.0_252] at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294) [?:1.8.0_252] at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) [?:1.8.0_252] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) [?:1.8.0_252] at java.lang.Thread.run(Thread.java:748) [?:1.8.0_252] Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:104) ~[?:1.8.0_252] at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:318) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:179) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:193) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) ~[?:1.8.0_252] ... 20 more Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:1.8.0_252] at java.security.cert.PKIXParameters.<init>(PKIXParameters.java:120) ~[?:1.8.0_252] at java.security.cert.PKIXBuilderParameters.<init>(PKIXBuilderParameters.java:104) ~[?:1.8.0_252] at sun.security.validator.PKIXValidator.<init>(PKIXValidator.java:102) ~[?:1.8.0_252] at sun.security.validator.Validator.getInstance(Validator.java:181) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.getValidator(X509TrustManagerImpl.java:318) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrustedInit(X509TrustManagerImpl.java:179) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:193) ~[?:1.8.0_252] at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1670) ~[?:1.8.0_252] at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:226) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1082) ~[?:1.8.0_252] at sun.security.ssl.Handshaker.process_record(Handshaker.java:1010) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1079) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) ~[?:1.8.0_252] at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) ~[?:1.8.0_252] ... 20 more [2020-07-01T22:21:33,567] <check-iot-certificate> WARN sdn - failed to get connectivity details: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

[kmosher]

I've been getting the same error after about empty trustAnchors after updating (currently 15.13.32-arm32v7) and trying to use features that require talking to ui.com. Poking around the docker container, it looks like /etc/ssl/certs/java/cacerts hasn't been populated and is only 32 bytes. Running /var/lib/dpkg/info/ca-certificates-java.postinst configure populates it correctly, and after committing the modified container as a new image and runing that, everything seems to work again.

I don't know where the docker build is going wrong though. Cloning and building the arm32v7 on my raspi results in a working image with a correctly populated cacerts. But it looks like the dockerhub image is built via the cross-compilation branch, so the issue might be specific to that branch?

[3DIRK]

What helped for me:

• exec into container
• execute "update-ca-certificates -f"
• execute "/var/lib/dpkg/info/ca-certificates-java.postinst configure"
• leave container
• restart container

[kpine]

Looks like a duplicate of #323, which has a workaround posted. It continues to work after pulling a new image and re-creating the container.

[jacobalberty]

This does indeed look like a duplicate of #323 closing now as #369 contained the fix for it. Just use latest or 6.0 instead of the old arm32v7 tag