Docker runner not importing ssl from host

Hello, I’m getting this error:

Running with gitlab-runner 10.4.0 (857480b6)
  on mobile-stuff (5c700787)
Using Docker executor with image kube-registry.int.company.com/mobile/imago ...
Using docker image sha256:48d7b0d488628f733b2b102fddd70d538ce692370209dbf1c7d941e8eed544f9 for predefined container...
Pulling docker image kube-registry.int.company.com/mobile/imago ...
Using docker image kube-registry.int.company.com/mobile/imago ID=sha256:f362c74e22272151088e01ec0b5994bb1c45afac7e3890cd677c0ee6c28a7985 for build container...
Running on runner-5c700787-project-15-concurrent-0 via mobile-prod-brq-001.s.company.com...
Cloning repository...
Cloning into '/builds/testing/certification-appium'...
fatal: unable to access 'https://gitlab-ci-token:xxxxxxxxxxxxxxxxxxxx@git.int.company.com/testing/certification-appium.git/': SSL certificate problem: unable to get local issuer certificate
ERROR: Job failed: exit code 1

My config.toml looks like this:

[[runners]]
  name = "mobile-stuff"
  url = "https://git.int.company.com/"
  token = "5c700787e9e619c0d06f4a3140ec09"
  executor = "docker"
  [runners.docker]
    tls_verify = true
    tls-ca-file = "/etc/pki/tls/certs/ca-bundle.crt"
    image = "kube-registry.int.company.com/mobile/imago"
    privileged = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
  [runners.cache]

Please advise. The runners work under shell executor, but under docker they don’t.

Host OS: Centos &
Docker: 17.12.0-ce, build c97c6d6
Version: 10.4.0
Git revision: 857480b6
Git branch: 10-4-stable
GO version: go1.8.5
Built: Mon, 22 Jan 2018 09:47:33 +0000
OS/Arch: linux/amd64

I’m seeing the same issue. Figured it out, yet?

I’ll come back and leave something if I figure it out.

I was able to work around this issue by adding the troublesome certificate to my trusted store in CentOS 7. If you are using a non-Red Hat based OS, your process will be different. I would discourage this process unless you eminently trust the server host and owner.

sudo -i
# openssl s_client -connect gitlab.example.com:443 <<<'' | openssl x509 -out /etc/pki/ca-trust/source/anchors/gitlab.example.com.crt
# update-ca-trust enable
# update-ca-trust extract
# chmod u+w $(readlink /etc/pki/tls/certs/ca-bundle.crt)
# echo >> $(readlink /etc/pki/tls/certs/ca-bundle.crt)
# echo "# gitlab.example.com" >> $(readlink /etc/pki/tls/certs/ca-bundle.crt)
# cat /etc/pki/ca-trust/source/anchors/gitlab.example.com.crt >> $(readlink /etc/pki/tls/certs/ca-bundle.crt)
# chmod u-w $(readlink /etc/pki/tls/certs/ca-bundle.crt)
# systemctl restart gitlab-runner
# systemctl restart docker
# exit

Hope it helps.
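
The workaround above trusts whatever certificate the server presents on first contact. As an added example (Python 3, not code from any poster in this thread), the script below fetches the certificate the same way but writes it to the anchors directory only if its SHA-256 fingerprint matches a value obtained out of band, for instance from the GitLab server's administrator. The function names and the `ANCHOR_DIR` constant are assumptions made for this sketch.

```python
import base64, hashlib, hmac, os, ssl, tempfile

ANCHOR_DIR = "/etc/pki/ca-trust/source/anchors"  # CentOS 7 path used in the post above


def sha256_fingerprint(pem):
    """SHA-256 over the DER bytes, formatted like `openssl x509 -fingerprint -sha256`."""
    digest = hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def _normalise(fp):
    # Accept "AA:BB:..", "aabb.." or space-separated input.
    return fp.replace(":", "").replace(" ", "").strip().upper()


def install_if_pinned(pem, expected_fp, anchor_path):
    """Write pem to anchor_path only if its fingerprint equals expected_fp.

    expected_fp must come from an out-of-band source, never from the same
    network connection that delivered the certificate.
    """
    actual = _normalise(sha256_fingerprint(pem))
    if not hmac.compare_digest(actual, _normalise(expected_fp)):
        return False
    # Temp file plus rename: a partially written file never becomes an anchor.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(anchor_path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(pem)
    os.chmod(tmp, 0o644)
    os.replace(tmp, anchor_path)
    return True


def fetch_and_install(host, expected_fp, port=443, anchor_dir=ANCHOR_DIR):
    """Fetch the presented certificate (unverified) and pin-check it before installing."""
    pem = ssl.get_server_certificate((host, port))
    return install_if_pinned(pem, expected_fp, os.path.join(anchor_dir, host + ".crt"))


if __name__ == "__main__":
    # Constructed stand-in for a PEM certificate; only the pin check runs offline.
    body = base64.encodebytes(b"constructed bytes, not a real certificate").decode()
    pem = "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "gitlab.example.com.crt")
        print(install_if_pinned(pem, "00" * 32, target), os.path.exists(target))
        print(install_if_pinned(pem, sha256_fingerprint(pem), target), os.path.exists(target))
```

When `fetch_and_install` returns `True`, `update-ca-trust extract` still has to be run as in the post above; when it returns `False`, nothing was written.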