[StackOverflow/docker] Docker image error The remote certificate is invalid according to the validation procedure on client web-application

### ROOT CAUSE The error occurs because the Docker container's environment (likely using a minimal base image) lacks the necessary root certificates to validate the remote server's SSL certificate. This typically happens when: - The remote server uses a self-signed certificate. - The certificate authority (CA) for the remote server's certificate is not included in the container's trust store. - The base Docker image is outdated and missing updated root certificates. ### CODE FIX Modify the Dockerfile to include the necessary root certificates or explicitly trust the remote server's certificate. Here's how: 1. **Add the Root Certificate Authority (CA) Bundle**: - Copy the CA certificate bundle (e.g., `ca-certificates.crt` or `ca-certificates.pem`) into the Docker image and update the system's trusted certificates. ```Dockerfile FROM python:3.9-slim # Example base image (replace with your base image) # Copy the CA certificate bundle (obtain this from your system: /etc/ssl/certs/ca-certificates.crt) COPY ca-certificates.crt /usr/local/share/ca-certificates/ # Update the system's trusted certificates RUN update-ca-certificates && rm -f /etc/ssl/certs/*.zst && \ ln -s /usr/local/share/ca-certificates/ca-certificates.crt /etc/ssl/certs/ca-cert.combined.crt && \ update-crypto-chain ``` 2. **If the remote server uses a self-signed certificate**: - Generate a self-signed certificate (or obtain one from the server). - Add it to the container's trust store (same as above). 3. **Alternative: Configure the Application to Trust the Certificate**: - If the issue is in the application code (e.g., Python), explicitly trust the certificate: ```python import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning # Suppress warning (for testing only) requests.packages.urllib3.disable_warnings(InsecureRequestWarning) response = requests.get('https://remote-server', verify='/path/to/certificate.pem') ``` 4. **Ensure System Time is Correct**: - Incorrect system time can cause certificate validation failures. Add a time synchronization command to the Dockerfile: ```Dockerfile RUN apt-get update && apt-get install -y ntp && ntpd -q ``` **Note**: Replace paths and certificates with your specific details. Use the first method if the remote server uses a standard CA certificate. For self-signed certificates, ensure the certificate is properly formatted and accessible by the application.