Could not handshake: Error in the certificate verification----when to create docker image

Question

To go on building the docker image according to create docker image

mkdir mydocker
cd  mydocker
vim wechat.Dockerfile 
#copy all lines in the webpage,save and quit
docker build -f wechat.Dockerfile --tag=wechat:0.0.1 .
Sending build context to Docker daemon  3.072kB
Step 1/17 : FROM ubuntu:20.04
 ---> 1a437e363abf
Step 2/17 : ENV DEBIAN_FRONTEND noninteractive
 ---> Using cache
 ---> b50f2f223d69
Step 3/17 : RUN apt-get update && apt-get install -y --no-install-recommends         build-essential         locales         locales-all         gnupg         locales         locales-all         fcitx-libs-dev         fcitx-bin         fcitx-googlepinyin         fcitx         fcitx-ui-qimpanel         fcitx-sunpinyin         dbus-x11         im-config
 ---> Using cache
 ---> 3da4c629070e
Step 4/17 : RUN apt-get clean
 ---> Using cache
 ---> 1008a7443a43
Step 5/17 : RUN echo "deb http://archive.ubuntukylin.com/ubuntukylin focal-partner main" > /etc/apt/sources.list.d/wechat.list &&     apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 56583E647FFA7DE7
 ---> Using cache
 ---> c1735637b165
Step 6/17 : RUN apt-get update && apt-get install -y --no-install-recommends         weixin         language-pack-zh*         chinese*         fonts-wqy-microhei         fonts-wqy-zenhei         xfonts-wqy
 ---> Running in 5ed3ed6f1070
Get:1 http://security.ubuntu.com/ubuntu focal-security InRelease [114 kB]
Hit:2 http://archive.ubuntu.com/ubuntu focal InRelease
Get:4 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB]
Ign:3 https://archive.ubuntukylin.com/ubuntukylin focal-partner InRelease
Get:6 http://archive.ubuntu.com/ubuntu focal-backports InRelease [108 kB]
Err:5 https://archive.ubuntukylin.com/ubuntukylin focal-partner Release
  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification. [IP: 120.79.211.60 443]
Reading package lists...
W: http://archive.ubuntukylin.com/ubuntukylin/dists/focal-partner/InRelease: No system certificates available. Try installing ca-certificates.
W: http://archive.ubuntukylin.com/ubuntukylin/dists/focal-partner/Release: No system certificates available. Try installing ca-certificates.
E: The repository 'http://archive.ubuntukylin.com/ubuntukylin focal-partner Release' does not have a Release file.
The command '/bin/sh -c apt-get update && apt-get install -y --no-install-recommends         weixin         language-pack-zh*         chinese*         fonts-wqy-microhei         fonts-wqy-zenhei         xfonts-wqy' returned a non-zero code: 100

Reinstall package:

sudo apt install --reinstall ca-certificates
sudo chmod 755 /etc /etc/ssl /etc/ssl/certs
sudo chmod 644 /etc/ssl/certs/ca-certificates.crt

Try to build docker image again,it occut to the same error info such as before.

Answer 1

If you trust archive.ubuntukylin.com you can run apt-get update and apt-get install with options:

-o Acquire::https::archive.ubuntukylin.com::Verify-Peer=false

-o Acquire::https::archive.ubuntukylin.com::Verify-Host=false

Then i recommend install ca-certificates, install required certificates and normally use apt-get update/install:

RUN apt-get update -o Acquire::https::archive.ubuntukylin.com::Verify-Peer=false -o Acquire::https::archive.ubuntukylin.com::Verify-Host=false && apt-get install -o Acquire::https::archive.ubuntukylin.com::Verify-Peer=false -o Acquire::https::archive.ubuntukylin.com::Verify-Host=false -y ca-certificates

Answer 2

For those getting error after messing with the root ca certificate in /etc/ssl/certs, you can do

sudo apt-get clean

sudo apt-get install -y ca-certificates

sudo update-ca-certificates

sudo apt-get update

this will likely solve the problem.