Skip to content

Docker image missing ca-certificates: git clone over HTTPS fails #2692

New issue
New issue
Closed
#2694
Closed
Docker image missing ca-certificates: git clone over HTTPS fails#2692
#2694
Labels
bug
@blinkagent

Description

@blinkagent
blinkagent
bot
opened on Feb 27, 2026

Bug

When using the Docker image (ghcr.io/coder/mux:nightly) with a volume mounted at /root/.mux, adding a new project via "Clone repo" fails with:

Cloning into '/root/.mux/projects/coder.mux-clone-fcad889dbebe'...
fatal: unable to access 'https://github.com/coder/coder.git/':
server certificate verification failed. CAfile: none CRLfile: none

Root Cause

The runtime stage of the Dockerfile installs git and openssh-client but does not install ca-certificates. Without a CA certificate bundle, git cannot verify any HTTPS server certificate.

Fix

Add ca-certificates to the runtime apt-get install line in the Dockerfile:

 RUN apt-get update && \
-    apt-get install -y --no-install-recommends git openssh-client && \
+    apt-get install -y --no-install-recommends git openssh-client ca-certificates && \
     rm -rf /var/lib/apt/lists/*

The comment block above should also be updated:

 # - git: required for workspace operations (clone, worktree, etc.)
 # - openssh-client: required for SSH runtime support
+# - ca-certificates: required for HTTPS (git clone, API calls, etc.)

Workaround

Set GIT_SSL_NO_VERIFY=true as an environment variable when running the container (not recommended for production).

Created on behalf of @ibetitsmike

Metadata

Metadata

Assignees

No one assigned

    Labels

    bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions