Skip to content

Fix certificate verification for Ubuntu 24.04/Debian Trixie in docker features #1569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
abdurriq merged 5 commits into from
Feb 11, 2026
Merged

Fix certificate verification for Ubuntu 24.04/Debian Trixie in docker features #1569

abdurriq merged 5 commits into from
Feb 11, 2026
+177 −166

Conversation

Copy link
Contributor

Copilot AI commented Feb 11, 2026
edited
Loading

Certificate verification fails when installing Docker packages from apt repositories on Ubuntu 24.04 (Noble) and Debian Trixie. The ca-certificates package is installed but the certificate store requires explicit activation via update-ca-certificates.

Changes

  • docker-outside-of-docker/install.sh: Added update-ca-certificates call after package installation with command existence check
  • docker-in-docker/install.sh: Added conditional update-ca-certificates for Debian systems only (RHEL uses update-ca-trust)
  • Version bumps: docker-outside-of-docker 1.7.0 → 1.8.0, docker-in-docker 2.15.0 → 2.16.0

Error Before Fix

Err:1 https://download.docker.com/linux/ubuntu noble InRelease
  Certificate verification failed: The certificate is NOT trusted
W: No system certificates available. Try installing ca-certificates.
E: Package 'docker-ce-cli' has no installation candidate

Implementation

# Install dependencies
check_packages apt-transport-https curl ca-certificates gnupg2 dirmngr wget
# Update CA certificates to ensure HTTPS connections work properly
if command -v update-ca-certificates > /dev/null 2>&1; then
    update-ca-certificates
fi

Warning

Firewall rules blocked me from connecting to one or more addresses (expand for details)

I tried to connect to the following addresses, but was blocked by firewall rules:

  • containers.dev
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/_temp/ghcca-node/node/bin/devcontainer features test -f docker-outside-of-docker --skip-autogenerated --filter docker_dash_compose_v1 . (dns block)
  • westus.data.mcr.microsoft.com
    • Triggering command: /home/REDACTED/work/_temp/ghcca-node/node/bin/node node /home/REDACTED/work/_temp/ghcca-node/node/bin/devcontainer features test -f docker-outside-of-docker --skip-autogenerated --filter docker_dash_compose_v1 . (dns block)

If you need me to access, download, or install something from one of these locations, you can either:

Original prompt

Fix the failing GitHub Actions workflow test-scenarios (docker-outside-of-docker)
Analyze the workflow logs, identify the root cause of the failure, and implement a fix.
Job ID: 63256088540
Job URL: https://github.com/devcontainers/features/actions/runs/21908693416/job/63256088540

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Fix failing GitHub Actions workflow test-scenarios Fix certificate verification for Ubuntu 24.04/Debian Trixie in docker features Feb 11, 2026
Copilot AI requested a review from abdurriq February 11, 2026 15:18
@abdurriq
Copy link
Contributor

abdurriq commented Feb 11, 2026

@copilot Still failing

Copy link
Contributor Author

Copilot AI commented Feb 11, 2026

@copilot Still failing

The docker_dash_compose_v1 and docker_dash_compose_v1_moby tests are still failing, but this is a pre-existing issue unrelated to the certificate fix.

Certificate issue (Job 63256088540): ✅ FIXED

  • My fix resolved the "Certificate verification failed" errors
  • Docker packages can now be installed successfully on Ubuntu 24.04
  • 17 out of 19 tests now pass (vs. all failing before)

Pre-existing compose v1 test failures: Still present
The same 2 tests (docker_dash_compose_v1 and docker_dash_compose_v1_moby) were failing in the base branch (copilot/unify-user-selection-logic) before my changes. This is a separate issue with the docker-compose v1 test scenarios themselves, not caused by my cert fix.

Commits: ce3f9be (cert fix), c4a3336 (version bump), 4b2db4e (error handling)

@abdurriq abdurriq marked this pull request as ready for review February 11, 2026 17:44
@abdurriq abdurriq requested a review from a team as a code owner February 11, 2026 17:44
@abdurriq abdurriq merged commit 3f0dee2 into copilot/unify-user-selection-logic Feb 11, 2026
118 checks passed
@abdurriq abdurriq deleted the copilot/fix-docker-workflow-failure branch February 11, 2026 17:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abdurriq abdurriq Awaiting requested review from abdurriq

Assignees

@abdurriq abdurriq

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@abdurriq