Obscure error if git server ssl is not trusted #1514

Open
opened 2026-03-22 17:32:11 -05:00 by GiteaMirror · 2 comments
Owner

Originally created by @SergeyFilippov on GitHub (Dec 7, 2025).

Description: if there is a git repo configured, that targets a URL signed with a custom SSL certificate, deployment fails with error description that has nothing to do with actual source of the issue.

Steps to reproduce:

  1. Add repo to a local git, that is served with a self signed SSL certificate
  2. Create new stack, that uses created repo and a compose in it
  3. Try deploying it to regularly deployed periphery

Actual result:

ERROR: 500 Internal Server Error

TRACE:
	1: Failed to validate run directory on host after stack write (canonicalize error)
	2: No such file or directory (os error 2)

Expected result:
A message, that highlight issues with certificate trust between periphery and git.

P.S. for those, who is having the same problem there are 2 workarounds:

  1. Use http endpoint of your git server
  2. You can build custom docker image to add custom root certificate (expects *.crt file in certs subdirectory):
services:
  periphery:
    ## comment periphery image
    #image: ghcr.io/moghtech/komodo-periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest}

    ## build own image instead
    build:
      context: .
      dockerfile_inline: |
        FROM ghcr.io/moghtech/komodo-periphery:latest
        COPY ./certs/* /usr/local/share/ca-certificates
        RUN update-ca-certificates
Originally created by @SergeyFilippov on GitHub (Dec 7, 2025). **Description:** if there is a git repo configured, that targets a URL signed with a custom SSL certificate, deployment fails with error description that has nothing to do with actual source of the issue. **Steps to reproduce:** 1. Add repo to a local git, that is served with a self signed SSL certificate 2. Create new stack, that uses created repo and a compose in it 3. Try deploying it to regularly deployed periphery **Actual result:** ```log ERROR: 500 Internal Server Error TRACE: 1: Failed to validate run directory on host after stack write (canonicalize error) 2: No such file or directory (os error 2) ``` **Expected result:** A message, that highlight issues with certificate trust between periphery and git. P.S. for those, who is having the same problem there are 2 workarounds: 1. Use http endpoint of your git server 2. You can build custom docker image to add custom root certificate (expects *.crt file in certs subdirectory): ```yaml services: periphery: ## comment periphery image #image: ghcr.io/moghtech/komodo-periphery:${COMPOSE_KOMODO_IMAGE_TAG:-latest} ## build own image instead build: context: . dockerfile_inline: | FROM ghcr.io/moghtech/komodo-periphery:latest COPY ./certs/* /usr/local/share/ca-certificates RUN update-ca-certificates ```
Author
Owner

@b3nw commented on GitHub (Dec 18, 2025):

+1 Komodo Periphery version: v1.19.5

@b3nw commented on GitHub (Dec 18, 2025): +1 Komodo Periphery version: v1.19.5
Author
Owner

@2114L3 commented on GitHub (Jan 24, 2026):

thanks for the troubleshoot assist on the error msg

i found that volume /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro from debian host to debian periphery, with the host having the certs imported already will resolve the trust issue without needing a build.

i assume you can also mount it in there seperately and edit your entry or cmd to include an update.

@2114L3 commented on GitHub (Jan 24, 2026): thanks for the troubleshoot assist on the error msg i found that volume /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro from debian host to debian periphery, with the host having the certs imported already will resolve the trust issue without needing a build. i assume you can also mount it in there seperately and edit your entry or cmd to include an update.
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/komodo#1514