While building a docker container, I came across this error
Step 6/17 : RUN bower install --allow-root ---> Running in 20f9229dcd1e bower angular-touch#~1.5.0 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-touch failed: certificate has expired
Building this image was working fine for about 2 years, then suddenly refused to cooperate. How can I refresh a missing certificate?
On
I am getting these error since yesterday. I solved it like following: if you have your dependencies in bower.json like that:
"dependencies": {
"bootstrap-sass": "3.2.0",
"jquery": "2.2.0",
...
}
then change it to:
"dependencies": {
"bootstrap-sass": "https://github.com/twbs/bootstrap-sass.git#3.2.0",
"jquery": "https://github.com/jquery/jquery.git#2.2.0",
...
}
with your specified version and git url. You will find the git url of all bower packages here: https://registry.bower.io/packages
On
You are probably all using a "very old" build stack based on older node docker images, which use older Debian distribution for its base image (i.e. node:6 => Debian Stretch).
It seems that the letsencrypt certificate of registry.bower.io was updated on 24th April, 2023 and since then uses a more modern intermediate certificate. This was not available/known in older Debian distributions on which the original node images were based.
Of course its about time to upgrade your stack, but in the meanwhile you could use these workarounds.
Add this to your Dockerfile, just before you are doing the bower install as a workaround:
node:6 / Debian Strech# manually remove expired letsencrypt X3 certificate and install the new ISRG X1 root CA
RUN mkdir -p /usr/share/ca-certificates/letsencrypt/ \
&& cd /usr/share/ca-certificates/letsencrypt/ \
&& curl -kLO https://letsencrypt.org/certs/isrgrootx1.pem \
&& perl -i.bak -pe 's/^(mozilla\/DST_Root_CA_X3.crt)/!$1/g' /etc/ca-certificates.conf \
&& update-ca-certificates
Then use this flag to tell bower to use the system wide CA system:
RUN NODE_OPTIONS=--use-openssl-ca bower install ...
node:4 / Debian JessieNot possible to get this ancient npm to use openssl-ca's, so just disable SSL check in the case:
RUN <<EOR
cat <<EOF > .bowerrc
{
"registry": "https://registry.bower.io",
"strict-ssl": false,
"https-proxy": ""
}
EOF
EOR
bower install still works for newer versions of node.
From what I noticed, the certificate stopped working for the version 6, 7 and 8.
As a workaround: only bower install command I execute on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.
It worked in our project.
On
Point to newer registry in .bowerrc
Answered here
{
"directory": "bower_components",
"registry": "https://bower.herokuapp.com"
}
Not sure if it is right, but the steps below worked for us:
1 - Remove the old cert:
sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
2 - Update certs:
update-ca-certificates
3 - Disable SSL temporarily: add "strict-ssl": false to .bowerrc file.
4 - Add bower cache-clean before bower install command in your steps.
5 - Include the flag --use-openssl-ca to bower install command.
6 - Run your build, it should work this time.
7 - Back and enable the SSL: remove the "strict-ssl": false from .bowerrc file.
8 - The next builds should work with SSL and without the certificate problem.
In my case i just add two lines into .bowerrc file
This is workaround, and it's bad practice. But using bower and outdated plugins is also bad practice