0

I have the following dockerfile:

FROM rocker/tidyverse:3.5.2

RUN apt-get update

# System dependices for R packages
RUN apt-get install -y \
    git \
    make \
    curl \
    libcurl4-openssl-dev \
    libssl-dev \
    pandoc \
    libxml2-dev \
    unixodbc \
    libsodium-dev \
    tzdata

# Clean up package installations
RUN apt-get clean

# ODBC system dependencies

RUN apt-get install -y gnupg apt-transport-https
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -
RUN curl https://packages.microsoft.com/config/debian/9/prod.list > /etc/apt/sources.list.d/mssql-release.list
RUN apt-get update
RUN ACCEPT_EULA=Y apt-get install msodbcsql17 -y

# Install renv (package management)
ENV RENV_VERSION 0.11.0
RUN R -e "install.packages('remotes', repos = c(CRAN = 'https://cloud.r-project.org'))"
RUN R -e "remotes::install_github('rstudio/renv@${RENV_VERSION}')"

# Specify USER for rstudio session
ENV USER rstudio

COPY ./renv.lock /renv/tmp/renv.lock

WORKDIR /renv/tmp
RUN R -e 'renv::consent(provided = TRUE)'
RUN R -e "renv::restore()"

WORKDIR /home/$USER

I use this image to recreate environments for R scripting purposes. This was working for a number of months up until the end of September when I started getting:

Error in curl::curl_fetch_memory(url, handle = handle) : 
  SSL certificate problem: certificate has expired

This occured when using GET request to query a website. How do I update my certificate now and in the future to avoid certificates expiring...I do not want to use the "config(ssl_verifypeer = FALSE)" workaround.

JFG123
  • 577
  • 5
  • 13
  • Related: https://stackoverflow.com/q/69413090/3358272 – r2evans Dec 20 '21 at 03:13
  • While this is affecting you when you are working on an R image, this is not an R issue: expand your research outside of R and into just "docker" and "certificate has expired", you are likely to find many more relevant discussions about this. FYI, tidyverse-3.5.2 was [last updated/released over 3 years ago](https://hub.docker.com/r/rocker/tidyverse/tags?page=1&name=3.5.2), which is a very long time to expect SSL certificates and other such components to be known and trusted (not to mention several other issues). – r2evans Dec 20 '21 at 03:16

1 Answers1

0

This happened to me too. Any chance you are working on MacOS or Linux based machine? It seems to be a bug:

Instead of adjusting the certificates as is suggested here, you can simply set R to not verify the peer. Just add the following line to the beginning of your code.

httr::set_config(config(ssl_verifypeer = FALSE, ssl_verifyhost = FALSE))
Peter
  • 343
  • 5
  • 17