keytool error: Certificate not imported, alias <RootCA> already exists

[erosenberg]

I'm trying to run this with a docker-compose file and keep getting this error:

From the logs:

The PKCS#12 bundle is at "/certs/server.p12" ✅
The legacy PKCS#12 encryption password is the often hardcoded default "changeit" ℹ️
Creating truststore...
keytool error: java.lang.Exception: Certificate not imported, alias <RootCA> already exists

Then the container just restarts infinitely.

version: "3.7"

services:
  mkcert:
    container_name: mkcert
    image: nmasse/mkcert
    restart: unless-stopped
    hostname: mkcert
    environment:
       SERVER_HOSTNAMES: "my-comp.lan localhost"
    volumes:
      - ./mkcert:/certs

Any ideas on what to try next?

[erosenberg]

I figured out this was because I had specified it to restart unless-stopped, when it should probably just be the default no, so that it runs only once. I believe it worked successfully, however I got this warning that seems more related to mkcert than your project.

mkcert | Certificate was added to keystore
mkcert | Warning:
mkcert | The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore /certs/keystore.jks -destkeystore /certs/keystore.jks -deststoretype pkcs12".
mkcert exited with code 0

Either way, the service has been changed to this and it seems to work other than the warning message:

mkcert:
    container_name: mkcert
    image: nmasse/mkcert
    # restart: unless-stopped
    hostname: mkcert
    environment:
      SERVER_HOSTNAMES: "my-comp.lan localhost"
    volumes:
      - ./mkcert:/certs

Just posting this here in case it helps anyone.