Self-signed certificate validation in the certificate chain failed (_ssl.c:1007)

[LavenderEstela]

Self Checks

• [X] This is only for bug report, if you would like to ask a question, please head to Discussions.
• [X] I have searched for existing issues search for existing issues, including closed ones.
• [X] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [X] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
• [X] Please do not modify this template :) and fill in all the required fields.

Dify version

v0.6.14

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

hello!

Q1. When I tried to configure the firecrawl API, I had the SSL problem for the first time HTTPSConnectionPool(host='api.firecrawl.dev', port=443): Max retries exceeded with url: /v0/crawl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)')))

Q2. I tried the jina API again and I had the same problem [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)

Q3. When I wanted to use web crawling instead of the above two functions, I still had the SSL problem Node 网页爬虫 run failed: Failed to invoke tool: HTTPSConnectionPool(host='www.elecfans.com', port=443): Max retries exceeded with url: /news/hangye/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1007)')))

ps：I found that I was able to configure the API of Zhipu AI normally

What i did but it didn't work：

1. I refer to this article #6499 ,make the SSRF_PROXY_HTTP_URL and SSRF_PROXY_HTTPS_URL is empty
2. I refer to this article #6244 ,make the HTTP_PROXY and HTTPS_PROXY is empty
3. I refer to this article #3908 ,According to her description, her problem is the closest to mine, and I refer to the method she provided to store the certificate inside, but unfortunately the previous problems still appear

Please help me, thanks

✔️ Expected Behavior

The API can be configured normally or crawled successfully

❌ Actual Behavior

SSL issue

[dosubot[bot]]

@LavenderEstela 你好! I'm here to assist you with bugs, questions, and more. Let's work together to resolve the SSL issue you're experiencing.

To resolve the SSL certificate verification failures due to self-signed certificates in your self-hosted Dify v0.6.14 setup using Docker, you can add the self-signed certificate to the trusted certificates in your Docker containers. Here is how you can do it:

1. Copy the Self-Signed Certificate to the Docker Container:

   First, copy your self-signed certificate to the Docker container. You can do this by mounting the certificate file into the container using Docker volumes.

   docker cp /path/to/your/self-signed-cert.crt <container_id>:/usr/local/share/ca-certificates/self-signed-cert.crt

2. Update the CA Certificates in the Container:

   Once the certificate is inside the container, you need to update the CA certificates. You can do this by running the following command inside the container:

   docker exec -it <container_id> update-ca-certificates

3. Restart the Docker Containers:

   After updating the CA certificates, restart your Docker containers to apply the changes.

   docker compose down
   docker compose up -d

By following these steps, you should be able to resolve SSL certificate verification failures due to self-signed certificates in your Dify setup ^[1].

To continue talking to Dosu, mention @dosu.