2

NET 5.0 console app which I want to run in docker container

using System; using System.Threading.Tasks; using Microsoft.AspNetCore.SignalR.Client; using System.Net.Http; using System.Threading; namespace pi_worker { class Program { private const string _url = "*server_url*"; static async Task Main(string[] args) { using (HttpClient client = new HttpClient()) { await client.GetAsync($"{_url}/*endpointName*"); } } }

I'm building my container with dockerfile and commands:

docker build -t worker . docker run worker.

FROM mcr.microsoft.com/dotnet/runtime:5.0 COPY bin/Release/net5.0/publish . ENTRYPOINT ["dotnet", "pi-worker.dll"]

But for the second command container starts I'm getting this error

Unhandled exception. System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid because of errors in the certificate chain: UntrustedRoot at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Boolean async, Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.SendAsyncCore(HttpRequestMessage request, HttpCompletionOption completionOption, Boolean async, Boolean emitTelemetryStartStop, CancellationToken cancellationToken) at pi_worker.Program.Main(String[] args) in *path_to_project*\pi-worker\pi-worker\Program.cs:line 25 at pi_worker.Program.<Main>(String[] args)

I tried some google solution but none of them helped

Improve this question
2

1 Answer 1

Reset to default
1

The error message says that your worker in Docker can not recognize an SSL certificate of your server. Because of it, the HTTPS connection can not be established. In order to fix it, you need to somehow add a certificate from your server to the Trusted certificates stored in your docker container. This article may help to do it.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

When they are creating container they mounting certs in docker container docker run -v /host/path/to/certs:/container/path/to/certs but how can I get path/to/certs when cert of my API is on the server
The server contains the private key of the certificate and you need the public key. The public key can be downloaded via browser. See this for more details about downloading it from browser.
Sorry, the previous comment is not exactly correct. There are no private or public keys in those certificates. The certificate is the same on the client and server-side. The thing is that this certificate should be issued by a trusted authority. In order to force your docker container to consider your server as 'trusted', you should copy the certificate from server to the 'Trusted certificates' store. If you can not download it directly from the server, you may download it via browser or other https tools on your host machine
It's working! But I have one more question. In my case certificate on my server is valid to 2035 so everytime when my certificate expires I need to repeat these steps? Is there a possibility to automate this process?
You can add a certificate from the authority, which issues a certificate for your server. Those certificates are validated transitively. So, even if the server`s certificate is expired and you receive a new one, it will still be considered valid as long as the issuer is considered as trusted

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.