search

wHyEt / Awtrix2-Docker

Official Docker Container for Awtrix2 Host in collaboration with Blueforcer.
25 stars 20 forks source link

Apk: not found -> certificate has expired #9

Closed ghost closed 3 years ago

ghost commented 3 years ago

With the old Image I am getting:

awtrix_display | --2021-10-01 22:22:32-- https://blueforcer.de/awtrix/stable/awtrix.jar awtrix_display | Resolving blueforcer.de (blueforcer.de)... 213.136.87.88 awtrix_display | Connecting to blueforcer.de (blueforcer.de)|213.136.87.88|:443... connected. awtrix_display | ERROR: cannot verify blueforcer.de's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3': awtrix_display | Issued certificate has expired. awtrix_display | To connect to blueforcer.de insecurely, use `--no-check-certificate'.

with the new image I get just

awtrix_display | /entrypoint.sh: 19: /entrypoint.sh: apk: not found

strange

wHyEt commented 3 years ago

Hey, you are faster with the update then I can document there is a new env variable what you have to set

WGET_ALPINE_UPDATE = true

That will update the wget if you are on other platform then arm64 The reason for this is that the wget is outdated in the java_alpine witch the container is based on.

ghost commented 3 years ago

Ok, sorry for being that fast. ;-)

Despite this starting the container fails even with the env set to true. Error is:

awtrix_display | /entrypoint.sh: 19: /entrypoint.sh: apk: not found

Greetings

wHyEt commented 3 years ago

Haha everything good 🙂 im happy if someone is Testing 🙂

Can you please set it to false. The error sounds like you are on a other Platform.

ghost commented 3 years ago

Hi,

using false resolves the apk issue. But I'm getting a certificate error:

Resolving blueforcer.de (blueforcer.de)... 213.136.87.88 Connecting to blueforcer.de (blueforcer.de)|213.136.87.88|:443... connected. ERROR: cannot verify blueforcer.de's certificate, issued by '/C=US/O=Let\'s Encrypt/CN=R3': Issued certificate has expired. To connect to blueforcer.de insecurely, use `--no-check-certificate'.

i have to look how to use no check certificate in docker-compose.

ghost commented 3 years ago

"--no-check-certificate" is a wget option. I think it can be a problem with date in the image. So the certificate is marked as expired because the date is wrong?

wHyEt commented 3 years ago

@BorussiaPlayer17 the --no-check-certificate is no option for me since this is a big security issue then.

The reason is that the ca can't be verified in the old wget version of the alpine image which the container is based on so. I probably going to build my on alpine version, In some time. The only two options at the moment are if the container is existing turn off the AUTOUPDATE or use the new WGET_ALPINE_UPDATE env this just don't work with all platforms.

ghost commented 3 years ago

ok, now I'm a bit curious. Just startet a fresh alpine:latest interactive shell and tested downloading the latest jar with the build-in wget of the image. No certificate error. I'm using a Pi4. Interesting.

wHyEt commented 3 years ago

Thats Right with a blank alpine:latest its ok. That Image is updated regulary. But the Container is based on alpine-java:8_jdk.

ghost commented 3 years ago

Ah, ok. I just did a "apk add --no-cache openjdk8". Thanks for explenation.

ghost commented 3 years ago

Ok there is a error. In your workflow file you are using "armv7/armhf-java8" on armv7. This is a ubuntu based image. Not alpine. Thats why we get an "apk: not found" without the new env. This image creates the cert error with wget.

For amd64 you are using "alpine-java:8_jdk".

so the main problem is, you are not using arm. On amd64 everything works.

wHyEt commented 3 years ago

no the user name is armv7, the container is a Multiplatform that works with different platforms. there are 2 alpine images that have the problem alle other like you already found out work. Are you on the discord? there we can discuss a little better then here in the ticket

ghost commented 3 years ago

Unfortunately, no yet. There must be something I don't understand. I will do a little more research on my system.

ghost commented 3 years ago

Vor allem glaube ich wäre es auch einfacher in deutsch, oder ? :-P

wHyEt commented 3 years ago

ist für mich kein Problem :) englisch und deutsch sind meine mutter sprache :)

wHyEt commented 3 years ago

hello all, i Changed the base image please test and let me know there are no additional env needed.

ghost commented 3 years ago

Works again!

Geile Sache! Danke dir! Hab hier viel gelernt. Arbeite mich immer mehr in die Thematik Docker ein.

wHyEt commented 3 years ago

Sehr schön freut mich dann noch viel spass weiterhin :)

Captonik commented 3 years ago

Hi Leute was genau muss ich nun machen um auf meinem QNAP wieder den Awtrix Docker zum laufen zu bekommen Gleibe Problem --No-check-certificate

ghost commented 3 years ago

Ein simples docker pull des Image sollte reichen. Und den Container neu bauen.

Captonik commented 3 years ago

Den Container habe ich neu gemacht. Docker Pull ? Neu in der Sache :D Nach neu erstellten Container bekomme ich im Log keinen Fehler mehr angezeigt beendet aber direkt.

ghost commented 3 years ago

Vorher musst du mit „docker pull wheyet/awtrix2:latest“ das Image neu runterladen.

Captonik commented 3 years ago

Ah okay danke ja bei Qnap war es ein Häkchen bei Regestry nun scheint alles wieder zu laufen danke :D