8000 Certificate errors after switching to Zscaler VPN · Issue #7209 · ddev/ddev · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
Certificate errors after switching to Zscaler VPN #7209
New issue
New issue
Closed
Closed
Certificate errors after switching to Zscaler VPN#7209
@bryandugan

Description

@bryandugan
bryandugan
opened on Apr 14, 2025

Preliminary checklist

Output of ddev debug test

Expand `ddev debug test` diagnostic information 
======== Output file will be in /var/folders/hp/jr_4l_qj1zq1drccqym3q5_02t718k/T/ddev-debug-test.txt ========


======== Existing project config ========
ddev installation alternate locations:
/opt/homebrew/bin/ddev
/usr/local/bin/ddev
/usr/local/bin/ddev

These config files were loaded for project www-project: [/Users/username/www/www-project/.ddev/config.yaml]
name: www-project
type: craftcms
docroot: web
php_version: 8.2
webserver_type: nginx-fpm
webimage: ddev/ddev-webserver:v1.24.4
additional_hostnames: []
additional_fqdns: []
database: {mysql 8.0}
project_tld: ddev.site
use_dns_when_possible: true
composer_version: 2
nodejs_version: 22
default_container_timeout: 120


======== existing project customizations ========
.ddev/docker-compose.vite.yaml
.ddev/db-build/ZscalerRootCertificate-2048-SHA256.crt
.ddev/web-build/ZscalerRootCertificate-2048-SHA256.crt


======== installed DDEV add-
No registered add-ons were found.


======== mutagen situation ========
looking for #ddev-generated in mutagen.yml in project /Users/username/www/www-project

unmodified #ddev-generated found in .ddev/mutagen/mutagen.yml


======== Creating dummy project named tryddevproject-18339 in ../tryddevproject-18339 ========
Creating a new DDEV project config in the current directory (/Users/username/www/tryddevproject-18339)
Once completed, your configuration will be written to /Users/username/www/tryddevproject-18339/.ddev/config.yaml

Configuring a 'php' project named 'tryddevproject-18339' with docroot 'web' at '/Users/username/www/tryddevproject-18339/web'.
For full details use 'ddev describe'.
Configuration complete. You may now run 'ddev start'.


======== OS Information ========
Darwin computername 24.4.0 Darwin Kernel Version 24.4.0: Wed Mar 19 21:16:34 PDT 2025; root:xnu-11417.101.15~1/RELEASE_ARM64_T6000 arm64
ProductName:		macOS
ProductVersion:		15.4
BuildVersion:		24E248


======== User information ========
uid=94602514(username) gid=483470107 groups=483470107,12(everyone),62(netaccounts),79(_appserverusr),80(admin),81(_appserveradm),98(_lpadmin),705(com.apple.sharepoint.group.5),704(com.apple.sharepoint.group.4),703(com.apple.sharepoint.group.3),33(_appstore),100(_lpoperator),204(_developer),250(_analyticsusers),395(com.apple.access_ftp),398(com.apple.access_screensharing),399(com.apple.access_ssh),400(com.apple.access_remote_ae),701(com.apple.sharepoint.group.1),702(com.apple.sharepoint.group.2)


======== DDEV version ========
 ITEM             VALUE
 DDEV version     v1.24.4
 architecture     arm64
 cgo_enabled      0
 db               ddev/ddev-dbserver-mariadb-10.11:v1.24.4
 ddev-ssh-agent   ddev/ddev-ssh-agent:v1.24.4
 docker           28.0.4
 docker-api       1.48
 docker-compose   v2.34.0
 docker-platform  docker-desktop
 global-ddev-dir  /Users/username/.ddev
 go-version       go1.23.7
 mutagen          0.18.1
 os               darwin
 router           ddev/ddev-traefik-router:v1.24.4
 web              ddev/ddev-webserver:v1.24.4
 xhgui-image      ddev/ddev-xhgui:v1.24.4



======== proxy settings ========

 HTTP_PROXY=''
 HTTPS_PROXY=''
 http_proxy=''
 NO_PROXY=''



======== DDEV global info ========
developer-mode=false
fail-on-hook-fail=false
instrumentation-opt-in=true
instrumentation-queue-size=0
instrumentation-reporting-interval=0s
instrumentation-user=
internet-detection-timeout-ms=3000
last-started-version=v1.24.4
letsencrypt-email=
mailpit-http-port=8025
mailpit-https-port=8026
mkcert-caroot=/Users/username/Library/Application Support/mkcert
no-bind-mounts=false
omit-containers=[]
performance-mode=mutagen
project-tld=ddev.site
required-docker-compose-version=v2.34.0
router-bind-all-interfaces=false
router-http-port=80
router-https-port=443
simple-formatting=false
table-style=default
traefik-monitor-port=10999
use-docker-compose-from-path=false
use-hardened-images=false
use-letsencrypt=false
wsl2-no-windows-hosts-mgt=false
xdebug-ide-location=
xhgui-http-port=
xhgui-https-port=
xhprof-mode=


======== DOCKER provider info ========
docker client location: lrwxr-xr-x  1 username  wheel  54 Mar  1  2024 /usr/local/bin/docker -> /Applications/Docker.app/Contents/Resources/bin/docker

docker client alternate locations:
/usr/local/bin/docker
/usr/local/bin/docker

Docker provider: docker-desktop
Docker Desktop Version: Docker Desktop for Mac 4.40.0 build 187762


======== docker version ========
Client:
 Version:           28.0.4
 API version:       1.48
 Go version:        go1.23.7
 Git commit:        b8034c0
 Built:             Tue Mar 25 15:06:09 2025
 OS/Arch:           darwin/arm64
 Context:           default

Server: Docker Desktop 4.40.0 (187762)
 Engine:
  Version:          28.0.4
  API version:      1.48 (minimum version 1.24)
  Go version:       go1.23.7
  Git commit:       6430e49
  Built:            Tue Mar 25 15:07:18 2025
  OS/Arch:          linux/arm64
  Experimental:     false
 containerd:
  Version:          1.7.26
  GitCommit:        753481ec61c7c8955a23d6ff7bc8e4daed455734
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0


======== docker context ls ========
NAME              DESCRIPTION                               DOCKER ENDPOINT                                   ERROR
default           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock
desktop-linux *   Docker Desktop                            unix:///Users/username/.docker/run/docker.sock
orbstack          OrbStack                                  unix:///Users/username/.orbstack/run/docker.sock

DOCKER_HOST=unix:///Users/username/.docker/run/docker.sock
DOCKER_DEFAULT_PLATFORM=notset


======== ddev debug dockercheck ========
Docker platform: docker-desktop
Using Docker context: default (unix:///Users/username/.docker/run/docker.sock)
docker-compose: v2.34.0
Using DOCKER_HOST=unix:///Users/username/.docker/run/docker.sock
Docker version: 28.0.4
Docker API version: 1.48
Able to run simple container that mounts a volume.

Docker disk space:
Filesystem                Size      Used Available Use% Mounted on
overlay                  87.7G     53.4G     29.8G  64% /


======== Existing docker containers ========
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES


======== docker system df ========
TYPE            TOTAL     ACTIVE    SIZE      RECLAIMABLE
Images          93        0         3.621GB   3.621GB (100%)
Containers      0         0         0B        0B
Local Volumes   31        0         42.96GB   42.96GB (100%)
Build Cache     907       0         509.5MB   509.5MB

  Tips:
  1. Periodically check your Docker filesystem usage with 'docker system df'
  2. Use 'docker builder prune' to remove unused Docker build cache (it doesn't remove your data)
  3. To remove all containers and images (it doesn't remove your data):
    ```
    ddev poweroff
    docker rm -f $(docker ps -aq) || true
    docker rmi -f $(docker images -q)
    ```
    (DDEV images will be downloaded again on 'ddev start')


======== mkcert information ========
/opt/homebrew/bin/mkcert
/usr/local/bin/mkcert
/usr/local/bin/mkcert
CAROOT= WSLENV= JAVA_HOME=
/Users/username/Library/Application Support/mkcert
total 16
-r--------  1 username  483470107  2484 Mar 15  2023 rootCA-key.pem
-rw-r--r--  1 username  483470107  1732 Mar 15  2023 rootCA.pem


======== ping attempt on ddev.site ========
PING dkdkd.ddev.site (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.040 ms

--- dkdkd.ddev.site ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.040/0.040/0.040/0.000 ms


======== curl information ========
/usr/bin/curl


======== ddev debug rebuild ========
Rebuilding project images...
Rebuilding project tryddevproject-18339 with `/Users/username/.ddev/bin/docker-compose -f /Users/username/www/tryddevproject-18339/.ddev/.ddev-docker-compose-full.yaml --progress plain build web --no-cache`
#0 building with "default" instance using docker driver

#1 [web internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.54kB done
#1 DONE 0.0s

#2 [web internal] load metadata for docker.io/ddev/ddev-webserver:v1.24.4
#2 DONE 0.0s

#3 [web internal] load .dockerignore
#3 transferring context: 2B done
#3 DONE 0.0s

#4 [web  1/10] FROM docker.io/ddev/ddev-webserver:v1.24.4
#4 CACHED

#5 [web  2/10] RUN getent group tty || groupadd tty
#5 0.092 tty:x:5:
#5 DONE 0.2s

#6 [web  3/10] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#6 0.164 useradd warning: username's uid 94602514 outside of the UID_MIN 1000 and UID_MAX 60000 range.
#6 DONE 0.2s

#7 [web  4/10] RUN mkdir -p /home/username && chown username /home/username && chmod 600 /home/username/.pgpass
#7 DONE 0.1s

#8 [web  5/10] RUN START_SCRIPT_TIMEOUT=30 mariadb-client-install.sh || true
#8 0.141 This script is not intended to run with mariadb:10.11
#8 DONE 0.1s

#9 [web  6/10] RUN export XDEBUG_MODE=off; composer self-update --stable || composer self-update --stable || true; composer self-update --2 || log-stderr.sh composer self-update --2 || true
#9 0.215 Storing "stable" as default update channel for the next self-update run.
#9 0.471
#9 0.475 In CurlDownloader.php line 390:
#9 0.475
#9 0.475   curl error 60 while downloading https://getcomposer.org/versions: SSL certi
#9 0.475   ficate problem: unable to get local issuer certificate
#9 0.475
#9 0.475
#9 0.475 self-update [-r|--rollback] [--clean-backups] [--no-progress] [--update-keys] [--stable] [--preview] [--snapshot] [--1] [--2] [--2.2] [--set-channel-only] [--] [<version>]
#9 0.475
#9 0.622
#9 0.626 In CurlDownloader.php line 390:
#9 0.626
#9 0.626   curl error 60 while downloading https://getcomposer.org/versions: SSL certi
#9 0.626   ficate problem: unable to get local issuer certificate
#9 0.626
#9 0.626
#9 0.626 self-update [-r|--rollback] [--clean-backups] [--no-progress] [--update-keys] [--stable] [--preview] [--snapshot] [--1] [--2] [--2.2] [--set-channel-only] [--] [<version>]
#9 0.626
#9 0.798
#9 0.801 In CurlDownloader.php line 390:
#9 0.801
#9 0.801   curl error 60 while downloading https://getcomposer.org/versions: SSL certi
#9 0.801   ficate problem: unable to get local issuer certificate
#9 0.801
#9 0.801
#9 0.801 self-update [-r|--rollback] [--clean-backups] [--no-progress] [--update-keys] [--stable] [--preview] [--snapshot] [--1] [--2] [--2.2] [--set-channel-only] [--] [<version>]
#9 0.801
#9 0.966
#9 0.969 In CurlDownloader.php line 390:
#9 0.969
#9 0.969   curl error 60 while downloading https://getcomposer.org/versions: SSL certi
#9 0.969   ficate problem: unable to get local issuer certificate
#9 0.969
#9 0.969
#9 0.969 self-update [-r|--rollback] [--clean-backups] [--no-progress] [--update-keys] [--stable] [--preview] [--snapshot] [--1] [--2] [--2.2] [--set-channel-only] [--] [<version>]
#9 0.969
#9 DONE 1.0s

#10 [web  7/10] RUN timeout 30 apt-get update || true
#10 0.619 Ign:1 https://packages.sury.org/php bookworm InRelease
#10 0.649 Ign:2 https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian bookworm InRelease
#10 0.651 Ign:3 https://dl.cloudsmith.io/public/platformsh/cli/deb/debian bookworm InRelease
#10 0.882 Ign:4 https://dl.cloudsmith.io/public/platformsh/upsun-cli/deb/debian bookworm InRelease
#10 1.004 Get:5 http://deb.debian.org/debian bookworm InRelease [151 kB]
#10 1.031 Ign:6 https://apt.postgresql.org/pub/repos/apt bookworm-pgdg InRelease
#10 1.050 Ign:7 https://dl.cloudsmith.io/public/symfony/stable/deb/debian bookworm InRelease
#10 1.681 Get:8 http://nginx.org/packages/debian bookworm InRelease [2851 B]
#10 1.709 Ign:1 https://packages.sury.org/php bookworm InRelease
#10 1.733 Ign:2 https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian bookworm InRelease
#10 1.733 Ign:3 https://dl.cloudsmith.io/public/platformsh/cli/deb/debian bookworm InRelease
#10 1.969 Ign:4 https://dl.cloudsmith.io/public/platformsh/upsun-cli/deb/debian bookworm InRelease
#10 2.058 Get:9 http://deb.debian.org/debian bookworm-updates InRelease [55.4 kB]
#10 2.114 Ign:6 https://apt.postgresql.org/pub/repos/apt bookworm-pgdg InRelease
#10 2.166 Ign:7 https://dl.cloudsmith.io/public/symfony/stable/deb/debian bookworm InRelease
#10 2.443 Get:10 http://nginx.org/packages/debian bookworm/nginx arm64 Packages [18.4 kB]
#10 3.023 Get:11 http://packages.blackfire.io/debian any InRelease [29.2 kB]
#10 3.106 Get:12 http://deb.debian.org/debian-security bookworm-security InRelease [48.0 kB]
#10 3.784 Ign:1 https://packages.sury.org/php bookworm InRelease
#10 3.803 Ign:2 https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian bookworm InRelease
#10 3.803 Ign:3 https://dl.cloudsmith.io/public/platformsh/cli/deb/debian bookworm InRelease
#10 4.060 Ign:4 https://dl.cloudsmith.io/public/platformsh/upsun-cli/deb/debian bookworm InRelease
#10 4.195 Ign:6 https://apt.postgresql.org/pub/repos/apt bookworm-pgdg InRelease
#10 4.242 Ign:7 https://dl.cloudsmith.io/public/symfony/stable/deb/debian bookworm InRelease
#10 4.616 Get:13 http://packages.blackfire.io/debian any/main arm64 Packages [30.8 kB]
#10 6.624 Get:14 http://deb.debian.org/debian bookworm/main arm64 Packages [8692 kB]
#10 7.908 Err:1 https://packages.sury.org/php bookworm InRelease
#10 7.908   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 146.75.31.52 443]
#10 7.923 Err:2 https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian bookworm InRelease
#10 7.923   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 104.18.135.24 443]
#10 7.923 Err:3 https://dl.cloudsmith.io/public/platformsh/cli/deb/debian bookworm InRelease
#10 7.923   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 8.161 Err:4 https://dl.cloudsmith.io/public/platformsh/upsun-cli/deb/debian bookworm InRelease
#10 8.161   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 8.284 Err:6 https://apt.postgresql.org/pub/repos/apt bookworm-pgdg InRelease
#10 8.284   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 87.238.57.227 443]
#10 8.311 Err:7 https://dl.cloudsmith.io/public/symfony/stable/deb/debian bookworm InRelease
#10 8.311   Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 10.61 Get:15 http://deb.debian.org/debian bookworm-updates/main arm64 Packages [512 B]
#10 11.22 Get:16 http://deb.debian.org/debian-security bookworm-security/main arm64 Packages [250 kB]
#10 11.33 Fetched 9278 kB in 11s (831 kB/s)
#10 11.33 Reading package lists...
#10 11.60 W: Failed to fetch https://dlm.mariadb.com/repo/mariadb-server/10.11/repo/debian/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 104.18.135.24 443]
#10 11.60 W: Failed to fetch https://apt.postgresql.org/pub/repos/apt/dists/bookworm-pgdg/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 87.238.57.227 443]
#10 11.60 W: Failed to fetch https://packages.sury.org/php/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 146.75.31.52 443]
#10 11.60 W: Failed to fetch https://dl.cloudsmith.io/public/platformsh/cli/deb/debian/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 11.60 W: Failed to fetch https://dl.cloudsmith.io/public/platformsh/upsun-cli/deb/debian/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 11.60 W: Failed to fetch https://dl.cloudsmith.io/public/symfony/stable/deb/debian/dists/bookworm/InRelease  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 3.167.152.56 443]
#10 11.60 W: Some index files failed to download. They have been ignored, or old ones used instead.
#10 DONE 11.6s

#11 [web  8/10] RUN curl -I https://www.google.com
#11 0.119   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#11 0.119                                  Dload  Upload   Total   Spent    Left  Speed
#11 0.119
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
#11 0.265 curl: (60) SSL certificate problem: unable to get local issuer certificate
#11 0.265 More details here: https://curl.se/docs/sslcerts.html
#11 0.265
#11 0.265 curl failed to verify the legitimacy of the server and therefore could not
#11 0.265 establish a secure connection to it. To learn more about this situation and
#11 0.265 how to fix it, please visit the web page mentioned above.
#11 ERROR: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
------
 > [web  8/10] RUN curl -I https://www.google.com:

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
0.265 curl: (60) SSL certificate problem: unable to get local issuer certificate
0.265 More details here: https://curl.se/docs/sslcerts.html
0.265
0.265 curl failed to verify the legitimacy of the server and therefore could not
0.265 establish a secure connection to it. To learn more about this situation and
0.265 how to fix it, please visit the web page mentioned above.
------
failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
Failed to execute `/Users/username/.ddev/bin/docker-compose -f /Users/username/www/tryddevproject-18339/.ddev/.ddev-docker-compose-full.yaml --progress plain build web --no-cache`: exit status 1


======== Project startup ========
Network ddev_default created
Starting tryddevproject-18339...
2025-04-14T09:53:35.29 GetAvailableRouterPort(): proposedPort 80 is available, use proposedPort=80
2025-04-14T09:53:35.291 GetAvailableRouterPort(): proposedPort 443 is available, use proposedPort=443
2025-04-14T09:53:35.292 GetAvailableRouterPort(): proposedPort 8025 is available, use proposedPort=8025
2025-04-14T09:53:35.293 GetAvailableRouterPort(): proposedPort 8026 is available, use proposedPort=8026
2025-04-14T09:53:35.322 Pulled image for ddev/ddev-webserver:v1.24.4
2025-04-14T09:53:35.323 Pulled image for busybox:stable
2025-04-14T09:53:35.324 Pulled image for ddev/ddev-utilities
2025-04-14T09:53:35.326 Pulled image for ddev/ddev-ssh-agent:v1.24.4
2025-04-14T09:53:35.327 Pulled image for ddev/ddev-traefik-router:v1.24.4
2025-04-14T09:53:35.51 GetDockerContext: contextInfo='default unix:///Users/username/.docker/run/docker.sock'
2025-04-14T09:53:35.51 Using Docker context default (unix:///Users/username/.docker/run/docker.sock)
2025-04-14T09:53:35.51 Mutagen sync session, configuration, and Docker volume are in incompatible status: 'Calculated mutagen.yml hash does not equal session label', Removing Mutagen sync session 'tryddevproject-18339' and Docker volume tryddevproject-18339_project_mutagen
2025-04-14T09:53:35.548 GetDockerContext: contextInfo='default unix:///Users/username/.docker/run/docker.sock'
2025-04-14T09:53:35.548 Using Docker context default (unix:///Users/username/.docker/run/docker.sock)
2025-04-14T09:53:35.548 Creating new docker volume 'tryddevproject-18339_project_mutagen' with signature 'Users-username-docker-run-1744638815'
2025-04-14T09:53:35.563 GetDockerContext: contextInfo='default unix:///Users/username/.docker/run/docker.sock'
2025-04-14T09:53:35.563 Using Docker context default (unix:///Users/username/.docker/run/docker.sock)
2025-04-14T09:53:35.737 chowning /mnt/ddev-global-cache and /var/lib/mysql to 94602514
2025-04-14T09:53:36.01 done chowning /mnt/ddev-global-cache and /var/lib/mysql to 94602514
 Container ddev-ssh-agent  Created
 Container ddev-ssh-agent  Started
2025-04-14T09:53:36.307 Waiting for ddev-ssh-agent to become ready, timeout=60
ssh-agent container is running: If you want to add authentication to the ssh-agent container, run 'ddev auth ssh' to enable your keys.
Using custom web-build configuration: [
	/Users/username/www/tryddevproject-18339/.ddev/web-build/Dockerfile.test
]
Custom configuration is updated on restart.
If you don't see your custom configuration taking effect, run 'ddev restart'.
2025-04-14T09:53:41.83 host.docker.internal='' because no other case was discovered
2025-04-14T09:53:41.839 Using automatically detected timezone: TZ=America/Detroit
2025-04-14T09:53:41.901 Pulled image for ddev/ddev-dbserver-mariadb-10.11:v1.24.4
2025-04-14T09:53:41.902 Pulled image for ddev/ddev-webserver:v1.24.4
2025-04-14T09:53:41.903 Pulled image for ddev/ddev-ssh-agent:v1.24.4
2025-04-14T09:53:41.904 Pulled image for ddev/ddev-traefik-router:v1.24.4
Building project images...
2025-04-14T09:53:42.028 Executing docker-compose -f /Users/username/www/tryddevproject-18339/.ddev/.ddev-docker-compose-full.yaml build --progress=plain
.failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60

Failed to start tryddevproject-18339: docker-compose build failed: composeCmd failed to run 'COMPOSE_PROJECT_NAME=ddev-tryddevproject-18339 docker-compose -f /Users/username/www/tryddevproject-18339/.ddev/.ddev-docker-compose-full.yaml --progress=plain build', action='[--progress=plain build]', err='exit status 1', stdout='#0 building with "default" instance using docker driver

#1 [web internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.54kB done
#1 DONE 0.0s

#2 [db internal] load build definition from Dockerfile
#2 transferring dockerfile: 776B done
#2 DONE 0.0s

#3 [web internal] load metadata for docker.io/ddev/ddev-webserver:v1.24.4
#3 DONE 0.0s

#4 [db internal] load metadata for docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#4 DONE 0.0s

#5 [web internal] load .dockerignore
#5 transferring context: 2B done
#5 DONE 0.0s

#6 [db internal] load .dockerignore
#6 transferring context: 2B done
#6 DONE 0.0s

#7 [web  1/10] FROM docker.io/ddev/ddev-webserver:v1.24.4
#7 DONE 0.0s

#8 [web  2/10] RUN getent group tty || groupadd tty
#8 CACHED

#9 [web  5/10] RUN START_SCRIPT_TIMEOUT=30 mariadb-client-install.sh || true
#9 CACHED

#10 [web  6/10] RUN export XDEBUG_MODE=off; composer self-update --stable || composer self-update --stable || true; composer self-update --2 || log-stderr.sh composer self-update --2 || true
#10 CACHED

#11 [web  3/10] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#11 CACHED

#12 [web  4/10] RUN mkdir -p /home/username && chown username /home/username && chmod 600 /home/username/.pgpass
#12 CACHED

#13 [web  7/10] RUN timeout 30 apt-get update || true
#13 CACHED

#14 [db 1/3] FROM docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#14 DONE 0.0s

#15 [db 2/3] RUN getent group tty || groupadd tty
#15 CACHED

#16 [db 3/3] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#16 CACHED

#17 [db] exporting to image
#17 exporting layers done
#17 writing image sha256:7bc2dff55adb13b33f79095c5d48f7ded0888405e4e9276519282de80c177f71 done
#17 naming to docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4-tryddevproject-18339-built done
#17 DONE 0.0s

#18 [db] resolving provenance for metadata file
#18 DONE 0.0s

#19 [web  8/10] RUN curl -I https://www.google.com
#19 0.096   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#19 0.096                                  Dload  Upload   Total   Spent    Left  Speed
#19 0.096
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
#19 0.152 curl: (60) SSL certificate problem: unable to get local issuer certificate
#19 0.152 More details here: https://curl.se/docs/sslcerts.html
#19 0.152
#19 0.152 curl failed to verify the legitimacy of the server and therefore could not
#19 0.152 establish a secure connection to it. To learn more about this situation and
#19 0.152 how to fix it, please visit the web page mentioned above.
#19 ERROR: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
------
 > [web  8/10] RUN curl -I https://www.google.com:

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
0.152 curl: (60) SSL certificate problem: unable to get local issuer certificate
0.152 More details here: https://curl.se/docs/sslcerts.html
0.152
0.152 curl failed to verify the legitimacy of the server and therefore could not
0.152 establish a secure connection to it. To learn more about this situation and
0.152 how to fix it, please visit the web page mentioned above.
------
', stderr='failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60', output='#0 building with "default" instance using docker driver

#1 [web internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.54kB done
#1 DONE 0.0s

#2 [db internal] load build definition from Dockerfile
#2 transferring dockerfile: 776B done
#2 DONE 0.0s

#3 [web internal] load metadata for docker.io/ddev/ddev-webserver:v1.24.4
#3 DONE 0.0s

#4 [db internal] load metadata for docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#4 DONE 0.0s

#5 [web internal] load .dockerignore
#5 transferring context: 2B done
#5 DONE 0.0s

#6 [db internal] load .dockerignore
#6 transferring context: 2B done
#6 DONE 0.0s

#7 [web  1/10] FROM docker.io/ddev/ddev-webserver:v1.24.4
#7 DONE 0.0s

#8 [web  2/10] RUN getent group tty || groupadd tty
#8 CACHED

#9 [web  5/10] RUN START_SCRIPT_TIMEOUT=30 mariadb-client-install.sh || true
#9 CACHED

#10 [web  6/10] RUN export XDEBUG_MODE=off; composer self-update --stable || composer self-update --stable || true; composer self-update --2 || log-stderr.sh composer self-update --2 || true
#10 CACHED

#11 [web  3/10] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#11 CACHED

#12 [web  4/10] RUN mkdir -p /home/username && chown username /home/username && chmod 600 /home/username/.pgpass
#12 CACHED

#13 [web  7/10] RUN timeout 30 apt-get update || true
#13 CACHED

#14 [db 1/3] FROM docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#14 DONE 0.0s

#15 [db 2/3] RUN getent group tty || groupadd tty
#15 CACHED

#16 [db 3/3] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#16 CACHED

#17 [db] exporting to image
#17 exporting layers done
#17 writing image sha256:7bc2dff55adb13b33f79095c5d48f7ded0888405e4e9276519282de80c177f71 done
#17 naming to docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4-tryddevproject-18339-built done
#17 DONE 0.0s

#18 [db] resolving provenance for metadata file
#18 DONE 0.0s

#19 [web  8/10] RUN curl -I https://www.google.com
#19 0.096   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#19 0.096                                  Dload  Upload   Total   Spent    Left  Speed
#19 0.096
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
#19 0.152 curl: (60) SSL certificate problem: unable to get local issuer certificate
#19 0.152 More details here: https://curl.se/docs/sslcerts.html
#19 0.152
#19 0.152 curl failed to verify the legitimacy of the server and therefore could not
#19 0.152 establish a secure connection to it. To learn more about this situation and
#19 0.152 how to fix it, please visit the web page mentioned above.
#19 ERROR: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
------
 > [web  8/10] RUN curl -I https://www.google.com:

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
0.152 curl: (60) SSL certificate problem: unable to get local issuer certificate
0.152 More details here: https://curl.se/docs/sslcerts.html
0.152
0.152 curl failed to verify the legitimacy of the server and therefore could not
0.152 establish a secure connection to it. To learn more about this situation and
0.152 how to fix it, please visit the web page mentioned above.
------
', stderr='failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60'
Something went wrong with /Users/username/www: a project is not allowed in /Users/username/www because another project exists in the subdirectory /Users/username/www/www-project
Unlist this project (if it exists) with 'cd "/Users/username/www" && ddev stop --unlist'
Or run 'ddev stop --unlist' for all projects in the subdirectories of this project directory
┌──────────────────────┬─────────┬────────────────────────────┬─────┬──────────┐
│ NAME                 │ STATUS  │ LOCATION                   │ URL │ TYPE     │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ crx-project            │ stopped │ ~/www/crx-project            │     │ craftcms │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ europa-museum        │ stopped │ ~/www/europa-museum        │     │ craftcms │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ my-craft-project     │ stopped │ ~/www/my-craft-project     │     │ craftcms │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ tech-transfer        │ stopped │ ~/www/tech-transfer        │     │ craftcms │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ tryddevproject-18339 │ stopped │ ~/www/tryddevproject-18339 │     │ php      │
├──────
A948
────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ www-project            │ stopped │ ~/www/www-project            │     │ craftcms │
├──────────────────────┼─────────┼────────────────────────────┼─────┼──────────┤
│ Router               │ stopped │ ~/.ddev                    │     │          │
└──────────────────────┴─────────┴────────────────────────────┴─────┴──────────┘

┌──────────────────────────────────┐
│ Project: tryddevproject-18339 ~/ │
│ www/tryddevproject-18339 https:/ │
│ /tryddevproject-18339.ddev.site  │
│ Docker platform: docker-desktop  │
│ Router: traefik                  │
├─────────┬──────┬──────────┬──────┤
│ SERVICE │ STAT │ URL/PORT │ INFO │
├─────────┼──────┼──────────┼──────┤
└─────────┴──────┴──────────┴──────┘

============= ddev-tryddevproject-18339-web healthcheck run =========
Error response from daemon: No such container: ddev-tryddevproject-18339-web
============= ddev logs =========
No running service container web was found
============= contents of /mnt/ddev_config  =========
Error response from daemon: No such container: ddev-tryddevproject-18339-db


======== Curl of site from inside container ========
Project is not currently running. Try 'ddev start'.


======== curl -I of null (web container http docker bind port) from outside ========
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0curl: (6) Could not resolve host: null


======== curl -I of http://tryddevproject-18339.ddev.site (router http URL) from outside ========
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to tryddevproject-18339.ddev.site port 80 after 1 ms: Couldn't connect to server


======== Full curl of http://tryddevproject-18339.ddev.site (router http URL) from outside ========
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to tryddevproject-18339.ddev.site port 80 after 1 ms: Couldn't connect to server


======== Full curl of https://tryddevproject-18339.ddev.site (router https URL) from outside ========
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) Failed to connect to tryddevproject-18339.ddev.site port 443 after 1 ms: Couldn't connect to server


======== Curl google.com to check internet access and VPN ========
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
HTTP/1.1 200 OK
Content-Type: text/html; charset=ISO-8859-1
Content-Security-Policy-Report-Only: object-src 'none';base-uri 'self';script-src 'nonce-NjPRrcxqVsPTnxWdGC-biw' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other-hp
Accept-CH: Sec-CH-Prefers-Color-Scheme
P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
Date: Mon, 14 Apr 2025 13:53:44 GMT
Server: gws
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Expires: Mon, 14 Apr 2025 13:53:44 GMT
Cache-Control: private
Set-Cookie: AEC=AVcja2c2955tIsY0w8cRNUPkAPR76P-Z42hUCi0hJk9fSidyqz_MhhDPYA; expires=Sat, 11-Oct-2025 13:53:44 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax
Set-Cookie: NID=523=CxBI-wJQQ4ZKHExRLznWhr54I_EMJNLHVZpQPRKWgs8ALQ22AWnBGu_PuIfzdHGP5VAFsQCV8OmGJ9E-x3A25p2OqSlR70OQO_bXZzhi3mwhW_3vvRXzAlI9lB9KdRCEAV-ghWsh7juPqVtaKsmpy7imYBAj0ywG12I-rt05A43-W8Skm48im23qGG2tA3YAhUTTDX0nTda82MOBjXY; expires=Tue, 14-Oct-2025 13:53:44 GMT; path=/; domain=.google.com; HttpOnly
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close



======== host.docker.internal status ========
Project is not currently running. Try 'ddev start'.


======== Project ownership on host ========
drwxr-xr-x  4 username  483470107  128 Apr 14 09:53 ../tryddevproject-18339


======== Project ownership in container ========
Project is not currently running. Try 'ddev start'.


======== In-container filesystem ========
Project is not currently running. Try 'ddev start'.


======== Thanks for running the diagnostic! ========
Running ddev launch in 3 seconds
Running ddev launch
Project tryddevproject-18339 is not running, starting it
Starting tryddevproject-18339...
Using custom web-build configuration: [
	/Users/username/www/tryddevproject-18339/.ddev/web-build/Dockerfile.test
]
Custom configuration is updated on restart.
If you don't see your custom configuration taking effect, run 'ddev restart'.
Building project images....failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60

Failed to start tryddevproject-18339: docker-compose build failed: composeCmd failed to run 'COMPOSE_PROJECT_NAME=ddev-tryddevproject-18339 docker-compose -f /Users/username/www/tryddevproject-18339/.ddev/.ddev-docker-compose-full.yaml --progress=plain build', action='[--progress=plain build]', err='exit status 1', stdout='#0 building with "default" instance using docker driver

#1 [web internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.54kB done
#1 DONE 0.0s

#2 [db internal] load build definition from Dockerfile
#2 transferring dockerfile: 776B done
#2 DONE 0.0s

#3 [web internal] load metadata for docker.io/ddev/ddev-webserver:v1.24.4
#3 DONE 0.0s

#4 [db internal] load metadata for docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#4 DONE 0.0s

#5 [web internal] load .dockerignore
#5 transferring context: 2B done
#5 DONE 0.0s

#6 [db internal] load .dockerignore
#6 transferring context: 2B done
#6 DONE 0.0s

#7 [web  1/10] FROM docker.io/ddev/ddev-webserver:v1.24.4
#7 DONE 0.0s

#8 [web  3/10] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#8 CACHED

#9 [web  6/10] RUN export XDEBUG_MODE=off; composer self-update --stable || composer self-update --stable || true; composer self-update --2 || log-stderr.sh composer self-update --2 || true
#9 CACHED

#10 [web  2/10] RUN getent group tty || groupadd tty
#10 CACHED

#11 [web  5/10] RUN START_SCRIPT_TIMEOUT=30 mariadb-client-install.sh || true
#11 CACHED

#12 [web  4/10] RUN mkdir -p /home/username && chown username /home/username && chmod 600 /home/username/.pgpass
#12 CACHED

#13 [web  7/10] RUN timeout 30 apt-get update || true
#13 CACHED

#14 [db 1/3] FROM docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#14 DONE 0.0s

#15 [db 2/3] RUN getent group tty || groupadd tty
#15 CACHED

#16 [db 3/3] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#16 CACHED

#17 [db] exporting to image
#17 exporting layers done
#17 writing image sha256:7bc2dff55adb13b33f79095c5d48f7ded0888405e4e9276519282de80c177f71 done
#17 naming to docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4-tryddevproject-18339-built done
#17 DONE 0.0s

#18 [db] resolving provenance for metadata file
#18 DONE 0.0s

#19 [web  8/10] RUN curl -I https://www.google.com
#19 0.109   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#19 0.109                                  Dload  Upload   Total   Spent    Left  Speed
#19 0.109
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
#19 0.176 curl: (60) SSL certificate problem: unable to get local issuer certificate
#19 0.176 More details here: https://curl.se/docs/sslcerts.html
#19 0.176
#19 0.176 curl failed to verify the legitimacy of the server and therefore could not
#19 0.176 establish a secure connection to it. To learn more about this situation and
#19 0.176 how to fix it, please visit the web page mentioned above.
#19 ERROR: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
------
 > [web  8/10] RUN curl -I https://www.google.com:

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
0.176 curl: (60) SSL certificate problem: unable to get local issuer certificate
0.176 More details here: https://curl.se/docs/sslcerts.html
0.176
0.176 curl failed to verify the legitimacy of the server and therefore could not
0.176 establish a secure connection to it. To learn more about this situation and
0.176 how to fix it, please visit the web page mentioned above.
------
', stderr='failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60', output='#0 building with "default" instance using docker driver

#1 [web internal] load build definition from Dockerfile
#1 transferring dockerfile: 1.54kB done
#1 DONE 0.0s

#2 [db internal] load build definition from Dockerfile
#2 transferring dockerfile: 776B done
#2 DONE 0.0s

#3 [web internal] load metadata for docker.io/ddev/ddev-webserver:v1.24.4
#3 DONE 0.0s

#4 [db internal] load metadata for docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#4 DONE 0.0s

#5 [web internal] load .dockerignore
#5 transferring context: 2B done
#5 DONE 0.0s

#6 [db internal] load .dockerignore
#6 transferring context: 2B done
#6 DONE 0.0s

#7 [web  1/10] FROM docker.io/ddev/ddev-webserver:v1.24.4
#7 DONE 0.0s

#8 [web  3/10] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#8 CACHED

#9 [web  6/10] RUN export XDEBUG_MODE=off; composer self-update --stable || composer self-update --stable || true; composer self-update --2 || log-stderr.sh composer self-update --2 || true
#9 CACHED

#10 [web  2/10] RUN getent group tty || groupadd tty
#10 CACHED

#11 [web  5/10] RUN START_SCRIPT_TIMEOUT=30 mariadb-client-install.sh || true
#11 CACHED

#12 [web  4/10] RUN mkdir -p /home/username && chown username /home/username && chmod 600 /home/username/.pgpass
#12 CACHED

#13 [web  7/10] RUN timeout 30 apt-get update || true
#13 CACHED

#14 [db 1/3] FROM docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4
#14 DONE 0.0s

#15 [db 2/3] RUN getent group tty || groupadd tty
#15 CACHED

#16 [db 3/3] RUN (groupadd --gid 483470107 "username" || groupadd "username" || true) && (useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' --uid 94602514 "username" || useradd -G tty -l -m -s "/bin/bash" --gid "username" --comment '' "username" || useradd  -G tty -l -m -s "/bin/bash" --gid "483470107" --comment '' "username" || useradd -G tty -l -m -s "/bin/bash" --comment '' username )
#16 CACHED

#17 [db] exporting to image
#17 exporting layers done
#17 writing image sha256:7bc2dff55adb13b33f79095c5d48f7ded0888405e4e9276519282de80c177f71 done
#17 naming to docker.io/ddev/ddev-dbserver-mariadb-10.11:v1.24.4-tryddevproject-18339-built done
#17 DONE 0.0s

#18 [db] resolving provenance for metadata file
#18 DONE 0.0s

#19 [web  8/10] RUN curl -I https://www.google.com
#19 0.109   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
#19 0.109                                  Dload  Upload   Total   Spent    Left  Speed
#19 0.109
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
#19 0.176 curl: (60) SSL certificate problem: unable to get local issuer certificate
#19 0.176 More details here: https://curl.se/docs/sslcerts.html
#19 0.176
#19 0.176 curl failed to verify the legitimacy of the server and therefore could not
#19 0.176 establish a secure connection to it. To learn more about this situation and
#19 0.176 how to fix it, please visit the web page mentioned above.
#19 ERROR: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60
------
 > [web  8/10] RUN curl -I https://www.google.com:

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
0.176 curl: (60) SSL certificate problem: unable to get local issuer certificate
0.176 More details here: https://curl.se/docs/sslcerts.html
0.176
0.176 curl failed to verify the legitimacy of the server and therefore could not
0.176 establish a secure connection to it. To learn more about this situation and
0.176 how to fix it, please visit the web page mentioned above.
------
', stderr='failed to solve: process "/bin/bash -c curl -I https://www.google.com" did not complete successfully: exit code: 60'
Failed to run launch ; error=exit status 1
Waiting for ddev launch to complete before deleting project


Cleanup: deleting test project tryddevproject-18339
Volume tryddevproject-18339-mariadb for project tryddevproject-18339 was deleted
Volume tryddevproject-18339-postgres for project tryddevproject-18339 was deleted
Volume tryddevproject-18339_project_mutagen for project tryddevproject-18339 was deleted
Image ddev/ddev-dbserver-mariadb-10.11:v1.24.4-tryddevproject-18339-built for project tryddevproject-18339 was deleted
Project tryddevproject-18339 was deleted. Your code and configuration are unchanged.

Please remove the files from this test with 'rm -r ../tryddevproject-18339'

Expected Behavior

Our company just recently switched to Zscaler in which the VPN rewrites certs for all network traffic. I'm on macOS. This has given me errors with my current ddev Craft CMS projects where Composer, NPM, mysql build updates no longer works. I have went through this Stack Overflow thread and have worked with my IS department to modify the Dockerfile to allow our new certs and we hit a few snags. With our current setup, we were able to get composer update to work again in Terminal, but updating Composer itself still doesn't work. npm is also still unresponsive.

Ddev should be using the zscaler cert file that was provided by IS and is working inside the container, but not in my macos terminal with commands such as ddev npm update.

Actual Behavior

Commands such as ddev npm update and other scripts are not trusting the installed Zscaler cert and it's falling with reaching any update server.

With my current Dockerfile, I'm now able to run ddev composer update, but ddev composer self-update still does not work.

Steps To Reproduce

No response

Anything else?

We have added the following Dockerfile in .ddev/db-build/Dockerfile and .ddev/web-build/Dockerfile along with the ZscalerRootCertificate they supplied inside those respective folders.

## #ddev-generated
## You can copy this Dockerfile.example to Dockerfile to add configuration
## or packages or anything else to your webimage
## These additions will be appended last to DDEV's own Dockerfile
# RUN echo "Built on $(date)" > /build-date.txt

# Required for Zscaler Cert to work for Composer
# COPY *.crt /usr/local/share/ca-certificates/
# RUN update-ca-certificates --fresh

ADD ZscalerRootCertificate-2048-SHA256.crt /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt
RUN chmod 644 /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt && update-ca-certificates --fresh

# Create zscaler root cert bundle for those tools that require it
# This may need to be updated periodically by rebuilding the container without cache
RUN curl https://curl.se/ca/cacert.pem --output /usr/local/share/ca-certificates/mozilla_bundle.pem && \
    cat /usr/local/share/ca-certificates/ZscalerRootCertificate-2048-SHA256.crt >> /usr/local/share/ca-certificates/mozilla_bundle.pem && \
    chmod 644 /usr/local/share/ca-certificates/mozilla_bundle.pem

# Set environment variables for the docker build environment. This allows
# additional commands in the Dockerfile to utilize the cert bundle.
ARG REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/mozilla_bundle.pem
ARG CURL_CA_BUNDLE=/usr/local/share/ca-certificates/mozilla_bundle.pem
ARG NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/mozilla_bundle.pem

# Set environment variables for the docker runtime environment.
ENV REQUESTS_CA_BUNDLE="/usr/local/share/ca-certificates/mozilla_bundle.pem"
ENV CURL_CA_BUNDLE="/usr/local/share/ca-certificates/mozilla_bundle.pem"
ENV NODE_EXTRA_CA_CERTS="/usr/local/share/ca-certificates/mozilla_bundle.pem"
ENV COMPOSER_SSL_CA="/usr/local/share/ca-certificates/mozilla_bundle.pem"

After some troubleshooting we found that the commands work within the Docker container itself and the certificates are present in the containers themselves, but running commands like ddev npm update, in my macOS Terminal gives us issues.

We found that ddev dynamically generates the dockerfile to build the container and appends the custom dockerfile to the end. However, the command to run the curl happens BEFORE the contents of the dockerfile is processed. Therefore, when the curl command runs the environment has not been setup yet.

RUN START_SCRIPT_TIMEOUT=30 mysql-client-install.sh || true

The curl command is in the ddev repo mysql-client-install.sh file. This script is executed before the contents of your custom dockerfile that you see below.

The problem is in ddev/pkg/ddevapp/config.go

The most obvious and easy solution here is to inject RUN START_SCRIPT_TIMEOUT=30 mysql-client-install.sh || true at the end of the dockerfile.

If we edit the .ddev/.webimageBuild/Dockerfile and move that RUN line to the end, it should solve that curl problem, which it does, but that doesn't seem like a good fix on our end.

The problem occurs when it is building the container

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0