How to refresh bower package certificate?
S

7

8

While building a docker container, I came across this error

Step 6/17 : RUN bower install --allow-root
 ---> Running in 20f9229dcd1e
bower angular-touch#~1.5.0 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-touch failed: certificate has expired

Building this image was working fine for about 2 years, then suddenly refused to cooperate. How can I refresh a missing certificate?

Sandisandidge answered 24/4, 2023 at 6:38 Comment(0)
S
20

In my case I just added two lines to the .bowerrc file:

"strict-ssl": false,
"https-proxy": "",

This is a workaround, and it's bad practice. But using bower and outdated plugins is also bad practice.

Sandisandidge answered 24/4, 2023 at 7:9 Comment(3)
Didn't fix the issue for me. Why is this happening today I wonder. Another weird thing is that the issue only happens inside of Docker. Any ideas? - Adelaideadelaja
Doesn't require the https-proxy, just the strict-ssl (Node8 in a docker image) - Pestiferous
From my experience, this works only when you start with a clean bower cache. - Telly
E
10

You are probably all using a "very old" build stack based on older node docker images, which use an older Debian distribution for their base image (i.e. node:6 => Debian Stretch).

It seems that the letsencrypt certificate of registry.bower.io was updated on 24th April, 2023 and since then uses a more modern intermediate certificate. This was not available/known in older Debian distributions on which the original node images were based.

Of course it's about time to upgrade your stack, but in the meantime you could use these workarounds.

Add this to your Dockerfile, just before the bower install, as a workaround:

If using node:6 / Debian Stretch

# manually remove expired letsencrypt X3 certificate and install the new ISRG X1 root CA 
RUN mkdir -p /usr/share/ca-certificates/letsencrypt/ \
  && cd /usr/share/ca-certificates/letsencrypt/ \
  && curl -kLO https://letsencrypt.org/certs/isrgrootx1.pem \
  && perl -i.bak -pe 's/^(mozilla\/DST_Root_CA_X3.crt)/!$1/g' /etc/ca-certificates.conf \
  && update-ca-certificates

Then use this flag to tell bower to use the system wide CA system:

RUN NODE_OPTIONS=--use-openssl-ca bower install ...

If using node:4 / Debian Jessie

It is not possible to get this ancient npm to use openssl-ca's, so just disable the SSL check in this case:

RUN <<EOR
cat <<EOF > .bowerrc
{
  "registry": "https://registry.bower.io",
  "strict-ssl": false,
  "https-proxy": "" 
}
EOF
EOR
Embryology answered 25/4, 2023 at 14:42 Comment(3)
RUN cd / does nothing. #58847910 More correct steps: RUN mkdir -p /usr/share/ca-certificates/letsencrypt/ WORKDIR /usr/share/ca-certificates/letsencrypt RUN curl -kLO https://letsencrypt.org/certs/isrgrootx1.pem \ && perl -i.bak -pe 's/^(mozilla\/DST_Root_CA_X3.crt)/!$1/g' /etc/ca-certificates.conf \ && update-ca-certificates - Philina
I do not understand your comment @AndreyFedosenko. There is no RUN cd / in my response - Embryology
just checked, it looks like your solution works without modifications. I probably made a mistake somewhere. I apologize @ernesto-baschny - Philina
V
3

Point to newer registry in .bowerrc

Answered here

{
 "directory": "bower_components",
 "registry": "https://bower.herokuapp.com"
}
Valery answered 1/5, 2023 at 21:28 Comment(2)
Thanks, this worked for us. Was wondering is bower.herokuapp.com the official site now? - Levesque
This works, but bower.herokuapp.com is deprecated, so it's not a permanent solution. - Anuran
D
2

I have been getting this error since yesterday. I solved it as follows: if you have your dependencies in bower.json like this:

 "dependencies": {
    "bootstrap-sass": "3.2.0",
    "jquery": "2.2.0",
...
}

then change it to:

"dependencies": {
    "bootstrap-sass": "https://github.com/twbs/bootstrap-sass.git#3.2.0",
    "jquery": "https://github.com/jquery/jquery.git#2.2.0",
...
}

with your specified version and git url. You will find the git url of all bower packages here: https://registry.bower.io/packages

Doersten answered 25/4, 2023 at 8:17 Comment(1)
From my experience this works only when you don't have "deeper" bower dependencies, that is it will only work for the packages directly listed, but not their dependencies. - Telly
E
1

bower install still works for newer versions of node. From what I noticed, the certificate stopped working for versions 6, 7 and 8.

As a workaround, I execute only the bower install command on the newer node (for example 12), and the rest of the commands for building the project on the version I need.

It worked in our project.

Existent answered 25/4, 2023 at 16:1 Comment(0)
R
0

Updating the node version from 8 to 18 fixed the error for me.

Robyn answered 4/5, 2023 at 4:20 Comment(1)
And similarly, make sure to run nvm use if you have a .nvmrc file in the project. - Kimberlykimberlyn
S
0

Not sure if it is right, but the steps below worked for us:

1 - Remove the old cert:

sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf

2 - Update certs:

update-ca-certificates

3 - Disable SSL temporarily: add "strict-ssl": false to the .bowerrc file.

4 - Add bower cache-clean before the bower install command in your steps.

5 - Add the flag --use-openssl-ca to the bower install command.

6 - Run your build, it should work this time.

7 - Go back and re-enable SSL: remove the "strict-ssl": false from the .bowerrc file.

8 - The next builds should work with SSL and without the certificate problem.

Sapper answered 23/5, 2023 at 13:51 Comment(0)
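
A build-time check for the two files the answers on this page change (.bowerrc and /etc/ca-certificates.conf), so that a "temporary" "strict-ssl": false cannot stay in place unnoticed. This is an added example, not part of any answer above; the function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original answers): audit the files the
# workarounds on this page modify, so a build fails if TLS checks stay off.

# bowerrc_tls_state FILE -> prints "strict", "disabled" or "missing"
bowerrc_tls_state() {
  local f="$1"
  [ -f "$f" ] || { echo "missing"; return; }
  # Match "strict-ssl": false with any whitespace around the colon.
  if grep -Eq '"strict-ssl"[[:space:]]*:[[:space:]]*false' "$f"; then
    echo "disabled"
  else
    echo "strict"   # bower verifies certificates unless told otherwise
  fi
}

# dst_x3_state FILE -> prints "deselected", "trusted" or "absent"
# A leading "!" in ca-certificates.conf tells update-ca-certificates
# to leave that certificate out of the generated bundle.
dst_x3_state() {
  local f="$1"
  if grep -Eq '^!mozilla/DST_Root_CA_X3\.crt$' "$f"; then
    echo "deselected"
  elif grep -Eq '^mozilla/DST_Root_CA_X3\.crt$' "$f"; then
    echo "trusted"
  else
    echo "absent"
  fi
}

# audit BOWERRC CA_CONF -> returns 0 only when certificate verification
# is on and the expired root is not selected.
audit() {
  [ "$(bowerrc_tls_state "$1")" != "disabled" ] || return 1
  [ "$(dst_x3_state "$2")" != "trusted" ] || return 1
  return 0
}

# Constructed sample inputs so the script runs stand-alone.
demo_dir="$(mktemp -d)"
printf '{\n  "registry": "https://registry.bower.io",\n  "strict-ssl": false\n}\n' > "$demo_dir/bowerrc.step3"
printf '{\n  "registry": "https://registry.bower.io"\n}\n' > "$demo_dir/bowerrc.step7"
printf 'mozilla/DST_Root_CA_X3.crt\nmozilla/ISRG_Root_X1.crt\n' > "$demo_dir/ca.before"
sed 's/^mozilla\/DST_Root_CA_X3.crt/!&/' "$demo_dir/ca.before" > "$demo_dir/ca.after"

audit "$demo_dir/bowerrc.step3" "$demo_dir/ca.after" || echo "step 3 state: TLS verification is off"
audit "$demo_dir/bowerrc.step7" "$demo_dir/ca.after" && echo "step 7 state: ok"
```

In a Dockerfile, calling `audit .bowerrc /etc/ca-certificates.conf` in a RUN step after the bower install makes the image build fail while the workaround is still active.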
