Coder.com · 10mo ago
17 replies
GR8B8

Setting up CA certificate for the container

Hey there!

I'm hosting Coder on a Red Hat VM that is already configured with its certificate from our CA. However, I'm having a hard time trying to set it up on the container.

After starting the workspace if I check the docker logs of the container I get

curl -fsSL --compressed https://coder.ourdomain.com/bin/coder-linux-amd64 -o coder
curl: (60) SSL certificate problem: unable to get local issuer certificate


I'm using the Docker Containers starter template and added the upload block on the docker_container resource to upload the certificate from the Coder machine to the container.

upload {
  file   = "/usr/local/share/ca-certificates/cert.crt"
  source = "/srv/certificate.pem"
}


This part is working fine, however it does not update the certificates automatically, leading to the error above. To fix this, on the Coder host I have to run docker exec -it <container_id> bash and then run sudo update-ca-certificates (without sudo it fails).

I tried adding this entrypoint = ["sh", "-c", replace(...), "&&", "sudo update-ca-certificates"] to the entrypoint parameter of the docker_containers resource but it did not work.

Is it possible to configure like this? Thanks in advance!
Solution
Updating here in case it helps someone going through something similar: the "unable to get local issuer certificate" error, as the error itself suggests, was a problem with how our intermediate certificate was generated.

However, using a self-signed certificate to validate it still caused the "could not resolve hostname" error when trying to open Coder in the VS Code Desktop extension.

It was necessary, in addition to including the self-signed certificate in the trust store of our machine, which had already been done, to add the environment variable NODE_EXTRA_CA_CERTS on the machine pointing to the path of the certificate.
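
One common way to get the "unable to get local issuer certificate" error quoted in this thread is a chain the client cannot complete up to a root it trusts; the thread does not say what exactly was wrong with the poster's intermediate. The script below is an added example, not part of the original thread, that reproduces that case offline and shows the check passing once the intermediate is supplied. It assumes the openssl CLI is installed, and the CA names, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed demo: throwaway root CA -> intermediate CA -> server certificate.
# Every name here (Demo Root CA, coder.example.test, file names) is made up.
set -eu

new_csr() {  # $1 = file prefix, $2 = common name
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

make_chain() {
  # Extensions that mark a certificate as a CA
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
  new_csr root "Demo Root CA"
  openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
    -days 2 -out root.pem 2>/dev/null
  new_csr int "Demo Intermediate CA"
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
    -extfile ca.ext -days 2 -out int.pem 2>/dev/null
  new_csr leaf "coder.example.test"
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null
}

# Verify leaf.pem with only the root trusted; extra verify options go in "$@".
check_leaf() {
  out=$(openssl verify -CAfile root.pem "$@" leaf.pem 2>&1) || true
  case "$out" in
    *"unable to get local issuer certificate"*) echo "missing-issuer" ;;
    *": OK"*) echo "ok" ;;
    *) echo "other: $out" ;;
  esac
}

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
cd "$workdir"
make_chain

# Client trusts the root, but nothing supplies the intermediate (curl's error 60).
echo "root only:         $(check_leaf)"
# Intermediate supplied next to the leaf, as a server sending its full chain does.
echo "with intermediate: $(check_leaf -untrusted int.pem)"
```

Against a live server, `openssl s_client -connect <host>:443 -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.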