I’m working with Docker on Windows 10 using WSL2 Ubuntu. My setup works fine when I run npm install directly in the Ubuntu terminal, but I get SSL certificate issues when building Docker images.
The error happens during the build process when Docker tries to run npm install:
request to https://registry.npmjs.org/some-package failed, reason: unable to get local issuer certificate
I fixed the certificate problem for regular terminal use by setting:
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt
npm config set cafile /etc/ssl/certs/ca-certificates.crt
But when I add similar settings to my Dockerfile, it doesn’t work:
ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/custom-ca.crt
RUN npm install
I also tried installing ca-certificates in the container but still get the same SSL errors. The npm commands work perfectly in WSL2 terminal but fail inside Docker containers. How can I properly configure certificates for npm inside Docker containers?
This WSL2/Docker certificate mess is exactly why I ditched manual certificate copying years ago. Every time corporate updates certs or someone tweaks the host system, those hardcoded paths break.
Instead of fighting with Dockerfile certificate paths, I built an automated pipeline for this whole workflow. It catches npm install SSL errors, grabs the right certificates from whatever system it’s on (WSL2, regular Linux, doesn’t matter), injects them into the Docker build context, and rebuilds.
The real magic? It monitors your builds continuously. When certificate issues hit, it doesn’t just fail - it tries different certificate sources and configs until npm install works. No more manual debugging of paths or wondering why your Dockerfile worked yesterday but craps out today.
This scales way better than copying files around. One automation workflow handles certificate management across all your Docker projects, no matter what host environment you’re using.
Been fighting this same issue at work for years. Yeah, copying certificates works but it’s a nightmare to maintain and breaks every time certs update.
Now I just automate the whole Docker build with proper cert handling. My workflow detects SSL failures, grabs the right certificates from the host, and rebuilds the container with the correct config.
The trick isn’t just automating certificate copying - you need to automate the detection when things break and auto-retry with different cert paths. My system tries multiple locations (/etc/ssl/certs/, /usr/share/ca-certificates/, etc.) until npm install works.
Bonus: it handles certificate rotation automatically. When corporate certs get updated, it detects the failure and pulls fresh ones without me touching anything.
You can build this kind of smart automation that handles cert management, Docker builds, and error recovery. No more manually tweaking Dockerfiles every time certs change.
i had the same prob too! what worked 4 me was copying the host’s ca certs into the container. just add COPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ before the npm install command in your dockerfile. it fixed it!
The SSL issue arises because Docker containers have a separate certificate store, which does not share the WSL2 certificates. You can resolve this by copying your host’s SSL certificates to the Docker container. Update your Dockerfile as follows: COPY /etc/ssl/certs/ca-certificates.crt /usr/local/share/ca-certificates/ RUN update-ca-certificates ENV NODE_EXTRA_CA_CERTS=/usr/local/share/ca-certificates/ca-certificates.crt. Alternatively, if this is a local development setup, you might consider turning off SSL verification temporarily with RUN npm config set strict-ssl false. However, avoid this practice in a production environment, as it can lead to security risks. This is a frequent issue for those operating behind corporate firewalls, and copying the certificates usually resolves it.
I hit this same issue when moving our dev environment to Docker on WSL2. The problem is WSL2 and Docker containers have totally separate certificate stores, even though they’re on the same Windows machine.
Here’s what worked for me: I built a multi-stage setup where the base image grabs the certificate config from WSL2 before running any npm commands. The trick is making sure your Dockerfile certificate path matches exactly where the container OS looks for them.
Don’t just copy certificates - mount the WSL2 certificate directory as a volume during build, then copy them to the right spot in the container. This way you’re always using the current certs that WSL2 already trusts.
One more thing: set both NODE_EXTRA_CA_CERTS and npm’s cafile config in the same RUN command, not separate layers. Otherwise you’ll get certificate validation errors during the Docker build.
Your issue is that Docker containers have isolated certificate stores that don’t match your WSL2 host settings. The environment variable in your Dockerfile likely points to a path that doesn’t exist in the container. To resolve this, copy your SSL certificates from the host into the Docker image using the COPY command, placing them in /usr/local/share/ca-certificates/. Following that, run update-ca-certificates to refresh the cert store before the npm install. Additionally, ensure that npm settings are configured correctly during the build process. As a quick fix for development, you could temporarily set npm config set strict-ssl false to bypass SSL verification, although it is advisable to use this with caution as it may compromise security.