2

I have a Dockerfile inside which I run npm install

```
...
RUN npm install
...
```

This errors out with the following:

```
npm ERR! Linux 4.4.0-92-generic
npm ERR! argv "/usr/local/bin/node" "/usr/local/bin/npm" "install"
npm ERR! node v7.10.1
npm ERR! npm  v4.2.0
npm ERR! code DEPTH_ZERO_SELF_SIGNED_CERT
npm ERR! self signed certificate
```

I don't hit this issue when running npm install directly on the same machine (i.e., when I am not running it as part of docker build). So I don't believe the issue is related to any HTTP proxies.

@Tarun,

Here is the output of curl -v https://docker.com

```
----* SSL connection using TLS1.2 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: *.docker.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: CN=*.docker.com
* start date: Fri, 11 Aug 2017 00:00:00 GMT
* expire date: Tue, 11 Sep 2018 12:00:00 GMT
* issuer: C=US,O=Amazon,OU=Server CA 1B,CN=Amazon
* compression: NULL
* ALPN, server did not agree to a protocol
GET / HTTP/1.1
Host: docker.com
User-Agent: curl/7.47.0
```


And here is the curl command from inside a docker container on the box.

```
root@2145cd2e9997:/app/c3po# curl -v https://docker.com
* Rebuilt URL to: https://docker.com/
* Hostname was NOT found in DNS cache
* Trying 52.55.168.191...
* Connected to docker.com (52.55.168.191) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: self signed certificate
* Closing connection 0
* SSLv3, TLS alert, Client hello (1):
curl: (60) SSL certificate problem: self signed certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option.
```

boboverflow
  • What is the output of `env` on your machine? Please update the output in the question. Also the output of `curl -v https://docker.com` – Tarun Lalwani Sep 14 '17 at 16:52
  • @TarunLalwani thanks for your response. I have updated the question with the output of curl -v https://docker.com – boboverflow Sep 14 '17 at 17:43
  • @TarunLalwani, what env variables are you looking for? – boboverflow Sep 14 '17 at 17:49
  • Can you check the same `curl -v https://docker.com` inside the container also? Probably some issue with SSL inside container – Tarun Lalwani Sep 14 '17 at 17:53
  • ha, looks like networking inside my container is completely broken. I could not do 'RUN apt-get update && apt-get install curl' when running docker build. I see these errors ------ Err http://archive.ubuntu.com trusty-backports/multiverse amd64 Packages Connection failed [IP: 91.189.88.152 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/trusty/Release.gpg Connection failed [IP: 91.189.88.152 80] ------ – boboverflow Sep 14 '17 at 18:11
  • Added the curl command output from inside the docker container. Thanks. – boboverflow Sep 14 '17 at 18:48

2 Answers

2

If you are running a few npm commands from Dockerfile, then you can add this before you run the npm commands:

```dockerfile
# Turns off npm's TLS certificate verification for the commands that follow
RUN npm config set strict-ssl false
RUN npm install
```

Note: it is recommended to copy your company's root certificates (if you are behind a company firewall) to the container rather than disabling SSL altogether.

Rahul Bharadwaj
0

I figured this out. I was running Jenkins on the Docker host, and I was using iptables to forward port 443 to 8080. This was conflicting with Docker's own iptables rules, which was causing all my issues with self-signed certs.

This stackoverflow post helped me identify the issue: SSL certificate verification fails inside docker container on specific server

boboverflow
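The conflict described in the answer above, as an added example that is not part of the original post: a shell check over `iptables-save -t nat` output for PREROUTING rules that rewrite TCP 443 without restricting the inbound interface or destination, and so also catch HTTPS traffic leaving containers. The exact rule form, the interface name `eth0` and both sample rulesets are constructed assumptions, since the post does not show the actual rule.

```shell
#!/bin/sh
# Added example, not from the original post. Heuristic check for nat PREROUTING
# rules that rewrite TCP/443 for every packet entering the host, including
# packets arriving from containers over the docker0 bridge.

# Reads `iptables-save -t nat` output on stdin and prints each matching rule.
find_unscoped_443_redirects() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            target = ""; dport = ""; scoped = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport" || $i == "--dports") dport = $(i + 1)
                # -i, -d and --dst-type narrow which packets the rule matches
                if ($i == "-i" || $i == "-d" || $i == "--dst-type") scoped = 1
            }
            hits443 = (index("," dport ",", ",443,") > 0)
            if ((target == "REDIRECT" || target == "DNAT") && hits443 && !scoped)
                print
        }
    '
}

# Constructed sample: a host-wide 443 -> 8080 redirect (assumed form of the rule).
sample_broken() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: the same redirect limited to an assumed external NIC, eth0.
sample_scoped() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8080
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
EOF
}

# On a real host (as root): iptables-save -t nat | find_unscoped_443_redirects
sample_broken | find_unscoped_443_redirects
```

Traffic generated on the host itself passes through the nat OUTPUT chain rather than PREROUTING, which is consistent with `npm install` succeeding on the host while failing during `docker build`.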