Search code examples
pythondockeropenssl

CERTIFICATE_VERIFY_FAILED on pip install on Docker

I have a containerized Python application and a simple Dockerfile based on an official Python image:

FROM python:3.8.2

# Set environment variables
ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1


# Create /app directory, cd and copy app code there
RUN mkdir /code
WORKDIR /code
COPY . /code/

# Install uWSGI
RUN pip install uwsgi

# Install pipenv and dependencies
RUN pip install pipenv
RUN pipenv install

It has been running fine for some time but since this week I cannot run a build:

> docker build .
Sending build context to Docker daemon   78.7MB
Step 1/9 : FROM python:3.8.2
 ---> f88b2f81f83a
Step 2/9 : ENV PYTHONDONTWRITEBYTECODE 1
 ---> Using cache
 ---> 45d957e47769
Step 3/9 : ENV PYTHONUNBUFFERED 1
 ---> Using cache
 ---> 6b4a2895d407
Step 4/9 : RUN mkdir /code
 ---> Using cache
 ---> b62fa947f323
Step 5/9 : WORKDIR /code
 ---> Using cache
 ---> 36c69f0e2ccf
Step 6/9 : COPY . /code/
 ---> a17cd24bfae2
Step 7/9 : RUN pip install uwsgi
 ---> Running in 888bec573d6b
Collecting uwsgi
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VER
IFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1108)'))': /packages/e7/1e/3dcca007f974fe4eb369bf1b8629d5e342bb3055e2001b2e5340aaefae7a/uwsgi-2.0.18.
tar.gz
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VER
IFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1108)'))': /packages/e7/1e/3dcca007f974fe4eb369bf1b8629d5e342bb3055e2001b2e5340aaefae7a/uwsgi-2.0.18.
tar.gz
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VER
IFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1108)'))': /packages/e7/1e/3dcca007f974fe4eb369bf1b8629d5e342bb3055e2001b2e5340aaefae7a/uwsgi-2.0.18.
tar.gz

I am running this from a Windows machine but my containers are on Linux.

I found a solution with --trusted-host files.pythonhosted.org but it doesn't seem quite right to trust downloading code on HTTP and I'd rather get the certificates right. However I am not very good about certificates and even less so in a Docker image.

Any help please?

Solution

  • After hours of fiddling with certificates and pondering the --trusted-host workaround, I finally found something that worked for me:

    Updated Docker Desktop (for Windows) to version 2.2.0.4 (latest), and everything runs fine again ...

    I'm not sure to understand why though, so thoughts are still welcome!