Docker runner not importing ssl from host

Hello I’m getting this error

Running with gitlab-runner 10.4.0 (857480b6)
  on mobile-stuff (5c700787)
Using Docker executor with image ...
Using docker image sha256:48d7b0d488628f733b2b102fddd70d538ce692370209dbf1c7d941e8eed544f9 for predefined container...
Pulling docker image ...
Using docker image ID=sha256:f362c74e22272151088e01ec0b5994bb1c45afac7e3890cd677c0ee6c28a7985 for build container...
Running on runner-5c700787-project-15-concurrent-0 via
Cloning repository...
Cloning into '/builds/testing/certification-appium'...
fatal: unable to access '': SSL certificate problem: unable to get local issuer certificate
ERROR: Job failed: exit code 1

My config. toml looks like that:

  name = "mobile-stuff"
  url = ""
  token = "5c700787e9e619c0d06f4a3140ec09"
  executor = "docker"
    tls_verify = true
    tls-ca-file = "/etc/pki/tls/certs/ca-bundle.crt"
    image = ""
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0

Please advise. The runners work under shell executor, but under docker they don’t.

Host OS: Centos &
Docker: 17.12.0-ce, build c97c6d6
Version: 10.4.0
Git revision: 857480b6
Git branch: 10-4-stable
GO version: go1.8.5
Built: Mon, 22 Jan 2018 09:47:33 +0000
OS/Arch: linux/amd64

I’m seeing the same issue. Figured it out, yet?

I’ll come back and leave something if I figure it out.

I was able to workaround this issue by adding the troublesome certificate to my trusted store in CentOS 7. If you are using a non-redhat based OS, you’re process will be different. I would discourage this process unless you eminently trust the server host and owner.

sudo -i \# openssl s_client -connect <<<'' | openssl x509 -out /etc/pki/ca-trust/source/anchors/ \# update-ca-trust enable \# update-ca-trust extract \# chmod u+w (readlink /etc/pki/tls/certs/ca-bundle.crt)
# echo >> (readlink /etc/pki/tls/certs/ca-bundle.crt) \# echo "#" >> (readlink /etc/pki/tls/certs/ca-bundle.crt)
# cat /etc/pki/ca-trust/source/anchors/ >> (readlink /etc/pki/tls/certs/ca-bundle.crt) \# chmod u-w (readlink /etc/pki/tls/certs/ca-bundle.crt)
# systemctl restart gitlab-runner
# systemctl restart docker
# exit

Hope it helps.