[ERROR] Node.js 21 on Ubuntu22.04.4 Docker Installation fail about distributions HOT 8 CLOSED

Hi @JaiRaeWiz-DOL I was not able to re-produce the issue, if you have issues with curl and the ca-certs it means you have the root ca certs outdated.
try this way:

docker run -it ubuntu bash
apt-get update -y
apt-get install curl ca-certificates -y
curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
apt-get install -y nodejs

from distributions.

@riosje I have repeated these commands exactly and have not achieved the same results.

C:\Users\me>docker run -it ubuntu bash
root@dcbf4f904616:/# apt-get update -y
Get:1 http://archive.ubuntu.com/ubuntu jammy InRelease [270 kB]
Get:2 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
[...]
root@dcbf4f904616:/# apt-get install curl ca-certificates -y
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
[...]
root@dcbf4f904616:/# curl -fsSL https://deb.nodesource.com/setup_20.x | bash -
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
root@dcbf4f904616:/#

Is the whole point of Docker not that it can be recreated with the same commands no matter what? You marked this as completed, without getting my feedback, because you assumed I would say "whoopsie me, all my fault. fixed." The issue persists, and it remains needing a fix. By the nature of Docker, and it's BASE definition, you cannot recreate the issue on your side, and say "It's fixed now." If the issue persists on my side, something is wrong with the command. curl -fsSL https://deb.nodesource.com/setup_20.x | bash - is not working properly when run IN DOCKER on my device, and therefore, by definition of Docker, is a sporadic bug. That is a bug on nodesource's side. Please assist properly, and refrain from disrespecting bug reporting workflows in the future. While this account is new, I have been doing this a long time in the private sector, and I would be reamed out in a private office if I had closed a ticket like this.

from distributions.

Hi @JaiRaeWiz-DOL
As I mentioned before the issue is not in our repository itself, some times Docker is not that atomic as you think it is.
Update your Docker desktop version, try Stopping and Deleting all the current containers and test again.
Just in case you are not capable to fix your Docker container config, you make want to append the -k param to CURL also need to download the script and append the -k flag to the curl command.

This is working in my local env but check our CI latest execution too, this just works on every well-working Docker setup.
https://github.com/nodesource/distributions/actions/runs/8350003329

This issue is obviously on your device configuration which out of our scope.
If you need professional assistance I encourage you to contact us to get some professional training.
https://nodesource.com/pages/contact-us.html

from distributions.

I will take the issue to Docker. Although I'm not sure how root CAs contained within a container could be affected by my host machine, but I'll take your word for it.

from distributions.

@JaiRaeWiz-DOL you can make a simple test.
curl https://www.docker.com
curl https://www.google.com

If it returns the same error let's say the google servers and docker are broken.

from distributions.

I can tell by your contributions chart that you don't do much troubleshooting workflows, as you don't do much issue reporting and code review as you do commits and pull requests. I started my career in QA years and years ago. I literally wrote standards guides for testing and issue reporting in that time. While my initial report was not the most detailed (I had little to go on), I did not, thankfully, suffer an aneurysm at the moment of attempting to debug this issue, and left it to the competent reader to assume that I would not have opened an issue with nodesource if other endpoints were also not curling correctly. The debian node source is an outlier in that it is the only known endpoint facing this issue in this workflow. I have tried google and docker, as suggested, and facebook, yahoo, reddit, github, and an API endpoint I control, all of which work as expected.

But despite this, I've already decided to take your side, defer to your expertise in the matter of a project you're connected to, and redirect my issue to the docker community, because they, surely, will know why the nodesource controlled url is specifically returning an insecure certificate to a ubuntu Docker container.

For what it's worth, I will report that the same issue (curling the url from my windows host machine) works fine. So while Docker specifically may be at fault here somehow, I will reiterate. An unreliable recreation of a docker container from identical commands, regardless of system, is a sporadic bug for that command. Commands for the installation of a package verbatim not working on a fresh, identically to a control test, and correctly configured system is a problem with the package, not the system. This is a base fact of software engineering.

I will let you know what Docker says about this.

from distributions.

Hi @JaiRaeWiz-DOL, when a issue is created, we always try to replicate the problem. All computers and operating systems are different, so there is a possibility of finding a problem that is only present in your machine. this is not an exact science.

This is the first time this issue has been reported. Can you tell us the version of ubuntu and docker you are using? also it is very helpful to upload the complete output of all commands, may give us some clues.

from distributions.

Ok, I solved this issue. The issue was not with nodesource, and now I have evidence of that, but there was no reason before discovering this to believe it wasn't, so I apologize at least on that. I don't have an explanation of why this occurred, but I at least tracked down the issue to a source. For some odd reason, my local network (outside docker) was using real root CAs. For seemingly no reason at all, when I checked the SSL cert INSIDE the container, the root CA was for deb.nodesource.com, but the issuer was for my work's VPN for when I am working from home, even though the VPN is not currently active, nor configured to communicate or work with Docker in any way. There was no reason for me to believe it was affecting the communication, especially in this way. The program is not even running, even in the background. I don't know where or how it got this cert. Apparently, that's fine for other sites, but for deb.nodesource.com in particular it causes a problem. I have a meeting with the team that controls the VPN shortly, and will bring it up with them. Thanks @JesusPaz, for coming in patient. I understand development is a frustrating world, but reporting a mysterious issue that affects my job only for it to be thrown out the window the second someone decides it wasn't an issue for them is extra frustrating as a user.

For posterity to people experiencing something similar perhaps on work laptops with VPN, I used this command to confirm the cert on my local machine and from within docker:

echo | openssl s_client -showcerts -servername deb.nodesource.com -connect deb.nodesource.com:443 2>/dev/null | openssl x509 -inform pem -noout -text

from distributions.