Issue With SSL Certificate Pushing pihole Code to App

joshsevers · July 13, 2019, 5:39pm

Hello there,

Following the project to set up a pi-hole with a Raspberry Pi Zero W, and I’ve run into an issue when trying to push the pihole and dnscrypt-proxy code to my application. I’m running this through Terminal on Mac OS X 10.13.6; here are the logs:

[pihole]          Using cache
[pihole]           ---> f2b25b2e6b18
[pihole]          Step 4/17 : RUN curl -sSL https://raw.githubusercontent.com/tasanakorn/rpi-fbcp/master/CMakeLists.txt -O
[dnscrypt-proxy]  Using cache
[dnscrypt-proxy]   ---> e77d1ad88b19
[dnscrypt-proxy]  Successfully built e77d1ad88b19
[pihole]           ---> Running in 1830d23ecbbb
[pihole]          curl: (60) SSL certificate problem: unable to get local issuer certificate
[pihole]          More details here: https://curl.haxx.se/docs/sslcerts.html
[pihole]          curl failed to verify the legitimacy of the server and therefore could not
[pihole]          establish a secure connection to it. To learn more about this situation and
[pihole]          how to fix it, please visit the web page mentioned above.
[pihole]          
[pihole]          Removing intermediate container 1830d23ecbbb
[Info]            Uploading images
[pihole]          The command '/bin/sh -c curl -sSL https://raw.githubusercontent.com/tasanakorn/rpi-fbcp/master/CMakeLists.txt -O' returned a non-zero code: 60
[Success]         Successfully uploaded images
[Error]           Some services failed to build:
[Error]             Service: pihole
[Error]               Error: The command '/bin/sh -c curl -sSL https://raw.githubusercontent.com/tasanakorn/rpi-fbcp/master/CMakeLists.txt -O' returned a non-zero code: 60
[Error]             Service: undefined
[Error]               Error: Information not available
[Error]           Not deploying release.
Remote build failed

I tried rebooting the Pi, and also looked on that site mentioned in the comments, but I’m not sure I understand what the issue is. From what I can gather from that site and elsewhere online, it may be an issue with the certificate itself on https://raw.githubusercontent.com/tasanakorn/rpi-fbcp/master/CMakeLists.txt but again, I’m not sure.

Any help would be greatly appreciated; thanks!

Josh

blazinfatherted · July 14, 2019, 7:13am

I’m having this issue as well on a different app. It could be a certificate that has expired. I get the same error messages error 60

j4v132 · July 15, 2019, 8:35am

I have follow those steps and looks like this has to be fixed by Balena team

hedss · July 15, 2019, 12:17pm

Thank you all for getting in touch and commenting. We’re going to look into this and determine what the underlying issue may be. It doesn’t initially look like a certificate update issue, as the site returns a certificate signed in 2017, but we’ll update this thread when we have more information.

Best regards, Heds

hedss · July 15, 2019, 1:14pm

Hello again,

We’ve had a bit of a look into this. It appears to be an issue with curl itself, please see here for more details: https://github.com/balena-io-library/base-images/issues/562 Because of this, it means that curl needs to be patched in the Arm 32bit version of Debian Buster. We’re going to PR changes for our project to switch to wget shortly, but if you wish to make those changes this should solve the issue for you.

My colleague has also pointed out that even when building, the project will not work on the Pi Zero architecture. You can read more about this issue in the inherited project here: https://github.com/pi-hole/docker-pi-hole/issues/245

Best regards, Heds

joshsevers · July 18, 2019, 2:09am

Great; thanks! Looks like I’ll just go with the basic pi-hole installation on my Zero W. Cheers!