Question 80327 in Docker Question posted in
The official documentation can be found here.

How to refresh bower package certificate? – Docker

While building a docker container, I came across this error

Step 6/17 : RUN bower install --allow-root ---> Running in 20f9229dcd1e bower angular-touch#~1.5.0 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-touch failed: certificate has expired

Building this image was working fine for about 2 years, then suddenly refused to cooperate.
How can I refresh a missing certificate?

Tags:

4

Answers


  1. Chosen as BEST ANSWER
    0

    In my case i just add two lines into .bowerrc file

    "strict-ssl": false,
"https-proxy": "",

    This is workaround, and it's bad practice. But using bower and outdated plugins is also bad practice


  2. 0

    I am getting these error since yesterday.
    I solved it like following:
    if you have your dependencies in bower.json like that:

     "dependencies": {
    "bootstrap-sass": "3.2.0",
    "jquery": "2.2.0",
...
}

    then change it to:

    "dependencies": {
    "bootstrap-sass": "https://github.com/twbs/bootstrap-sass.git#3.2.0",
    "jquery": "https://github.com/jquery/jquery.git#2.2.0",
...
}

    with your specified version and git url.
    You will find the git url of all bower packages here: https://registry.bower.io/packages

    Login or Signup to reply.
  3. 0

    You are probably all using a "very old" build stack based on older node docker images, which use older Debian distribution for its base image (i.e. node:6 => Debian Stretch).

    It seems that the letsencrypt certificate of registry.bower.io was updated yesterday (April 24th, 2023) and now uses a more modern intermediate certificate. This was not available/known in older Debian distributions.

    Of course its about time to upgrade your stack, but in the meanwhile you could add this to your Dockerfile, just before you are doing the bower install as a workaround:

    # manually remove expired letsencrypt X3 certificate and install the new ISRG X1 root CA 
RUN mkdir -p /usr/share/ca-certificates/letsencrypt/ 
  && cd /usr/share/ca-certificates/letsencrypt/ 
  && curl -kLO https://letsencrypt.org/certs/isrgrootx1.pem 
  && perl -i.bak -pe 's/^(mozilla/DST_Root_CA_X3.crt)/!$1/g' /etc/ca-certificates.conf 
  && update-ca-certificates

    Then use this flag to tell bower to use the system wide CA system:

    RUN NODE_OPTIONS=--use-openssl-ca bower install ...
    Login or Signup to reply.
  4. 0

    bower install still works for newer versions of node.
    From what I noticed, the certificate stopped working for the version 6, 7 and 8.

    As a workaround: only bower install command I execute on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.

    It worked in our project.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search