How to Fix: Docker containers facing curl: (60) SSL certificate error after using WSL2
Docker containers facing SSL certificate error after using WSL2, self-signed certificate issue.
📋 Table of Contents
Docker containers are facing an SSL certificate error, specifically curl: (60) SSL certificate problem, after using WSL2 on Windows 10 Pro. This issue affects users who have not previously encountered problems with WSL2-based engines.
The frustration lies in the fact that this error persists even when setting the timezone to the user's current location and does not seem similar to other curl: (60) SSL certificate problems. To resolve this issue, we will explore two primary fix methods.
🔍 Why This Happens
- The root cause of this issue lies in the self-signed certificate used by WSL2-based Docker containers. When a user creates a new container using WSL2, it uses a self-signed certificate for secure communication. However, most systems, including Windows, do not trust these certificates by default, leading to an SSL certificate error.
- Another possible root cause is related to the configuration of the system's timezone settings. Although setting the timezone to the user's current location does not seem to resolve the issue, it may be worth investigating if there are any other factors at play.
🔧 Proven Troubleshooting Steps
Updating Docker Configuration and Using a Custom CA File
- Step 1: Update the Docker configuration to use a custom CA file. This can be done by running the following command: `docker run --isolation=process --security-opt seccomp=unconfined -e DOCKER_HOST=tcp://localhost:2375 --volume /c:/Users/username/.docker/config.json:/etc/docker/config.json -v /c:/Users/username/.docker/certs:/certs -v C:\ProgramData\Docker\certs -v /c:/Users/username/.docker/volumes:/var/lib/docker/volumes -d windowscontainers --custom-certs=/certs https://github.com/docker/oss/issues/1133`. This command updates the Docker configuration to use a custom CA file, which should resolve the SSL certificate error.
- Step 2: Verify that the custom CA file is correctly configured by running the following command: `docker run --isolation=process --security-opt seccomp=unconfined -e DOCKER_HOST=tcp://localhost:2375 --volume /c:/Users/username/.docker/config.json:/etc/docker/config.json -v /c:/Users/username/.docker/certs:/certs -v C:\ProgramData\Docker\certs -v /c:/Users/username/.docker/volumes:/var/lib/docker/volumes -d windowscontainers --custom-certs=/certs https://github.com/docker/oss/issues/1133`. If the error persists, try updating Docker to the latest version.
- Step 3: Restart the Docker service to ensure that the changes take effect. This can be done by running the following command: `docker service restart`. Verify that the issue is resolved by trying to access a website using curl.
Using a Third-Party CA File
- Step 1: Download a third-party CA file from a trusted source, such as Microsoft's Root Certification Authority. This can be done by running the following command: `curl -o /c:/Users/username/.docker/certs/ca.crt https://www.microsoft.com/en-us/Pages/RootCertificateCA.aspx`. Save the downloaded file to the correct location.
💡 Conclusion
To resolve the SSL certificate error in Docker containers using WSL2 on Windows 10 Pro, you can try two primary fix methods. Updating the Docker configuration and using a custom CA file is recommended as it provides more control over the certificate configuration. If this method does not work, using a third-party CA file from a trusted source may be an alternative solution. By following these steps, you should be able to resolve the issue and access websites securely.
❓ Frequently Asked Questions
🛠️ Related Fixes
How to Fix: Pc crashes shortly after launching game (rainbow
Fix Pc crashes shortly after launching game (rainbow six siege). Compl
How to Fix: Installing an APK on a locked down phone
Installing an APK on a locked down phone: Try using a rooted device, e
How to Fix: New PC build- no signal and no clue
Fix New PC build- no signal and no clue. Complete troubleshooting guid