OpenSSL connect error with Sendgrid in scheduled CI task

I have created a scheduled task that uses SendGrid to send out emails periodically based on data collected in a scheduled task. This works perfect when I run locally. When I push and run in a CI task, I get an OpenSSL Connect Error on the line in the code that is attempting to send the email sg.client.mail._('send').post(request_body: mail.to_json)

If I comment out the line, CI process finishes.

I have downloaded the docker imaged used in CI and run the statement by itself, and it works fine, so I don’t think there is an issue with certs. Based on other posts, I have tried adding lines to the packaging to update the certs just to make sure, but it doesn’t help at all

Here is the code that I am trying to execute in CI. I have a different bundle exec rails above this that does NOT interact with sendgrid and it works fine.

bundle exec rails runner EncouragementHelper.test

  Email_Sender = Struct.new(:name, :email) do
  end

  def test   
    sg = SendGrid::API.new(api_key: ENV['SENDGRID_API'])

    sender = Email_Sender.new('gary', 'gary@ubiqsecurity.com').freeze
    template_id = 'd-<...>'

    mail = SendGrid::Mail.new
    mail.from = Email.new(email: sender.email, name: sender.name)
    personalization = Personalization.new
    personalization.add_to(Email.new(email: 'gary@ubiqsecurity.com', name: 'test'))
    mail.add_personalization(personalization)

    mail.template_id = template_id
    sg.client.mail._('send').post(request_body: mail.to_json) unless mail.nil?  # THIS IS encouragement_helper.rb:26 below  Commented out, no problems.
  end

Any assistance either in my CI setup or working with SendGrid would be appreciated. I have not yet been able to find a solution.

Traceback:

(called from block (2 levels) in require at /usr/local/bundle/gems/bundler-2.1.4/lib/bundler/runtime.rb:74)
/usr/local/lib/ruby/2.6.0/net/protocol.rb:44:in connect_nonblock': SSL_connect returned=1 errno=0 state=error: certificate verify failed (self signed certificate in certificate chain) (OpenSSL::SSL::SSLError) from /usr/local/lib/ruby/2.6.0/net/protocol.rb:44:in ssl_socket_connect’
from /usr/local/lib/ruby/2.6.0/net/http.rb:996:in connect' from /usr/local/lib/ruby/2.6.0/net/http.rb:930:in do_start’
from /usr/local/lib/ruby/2.6.0/net/http.rb:919:in start' from /usr/local/lib/ruby/2.6.0/net/http.rb:1470:in request’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/ruby_http_client-3.5.2/lib/ruby_http_client.rb:219:in make_request' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/ruby_http_client-3.5.2/lib/ruby_http_client.rb:206:in build_request’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/ruby_http_client-3.5.2/lib/ruby_http_client.rb:298:in method_missing' from /builds/ubiqsecurity/ubiq-app/app/helpers/encouragement_helper.rb:26:in test’ # THIS IS THE LINE TRIGGERING THE ERROR. Commented out - no problems
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/commands/runner/runner_command.rb:45:in <main>' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/commands/runner/runner_command.rb:45:in eval’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/commands/runner/runner_command.rb:45:in perform' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/thor-1.0.1/lib/thor/command.rb:27:in run’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/thor-1.0.1/lib/thor/invocation.rb:127:in invoke_command' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/thor-1.0.1/lib/thor.rb:392:in dispatch’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/command/base.rb:65:in perform' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/command.rb:46:in invoke’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/commands.rb:18:in <main>' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/bootsnap-1.4.8/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in require’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/bootsnap-1.4.8/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:23:in block in require_with_bootsnap_lfi' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/bootsnap-1.4.8/lib/bootsnap/load_path_cache/loaded_features_index.rb:92:in register’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/bootsnap-1.4.8/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:22:in require_with_bootsnap_lfi' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/bootsnap-1.4.8/lib/bootsnap/load_path_cache/core_ext/kernel_require.rb:31:in require’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/activesupport-6.0.0/lib/active_support/dependencies.rb:325:in block in require' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/activesupport-6.0.0/lib/active_support/dependencies.rb:291:in load_dependency’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/activesupport-6.0.0/lib/active_support/dependencies.rb:325:in require' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/app_loader.rb:59:in block in exec_app’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/app_loader.rb:48:in loop' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/app_loader.rb:48:in exec_app’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/lib/rails/cli.rb:7:in <top (required)>' from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/exe/rails:10:in require’
from /builds/ubiqsecurity/ubiq-app/vendor/ruby/ruby/2.6.0/gems/railties-6.0.0/exe/rails:10:in <top (required)>' from bin/rails:29:in load’
from bin/rails:29:in `’

A little more information

I have changed my “test” function to do the following with https and with http

uri = URI.parse(“https://www.yahoo.com”)
response = Net::HTTP.get_response(uri)

The one with https FAILS like above. The one with http works fine.

It seems like my env isn’t getting setup quite right when I run in the schedule. It works fine when deployed or when I run locally, just not when trying

bundle exec rails runner

Found the issue - something in the image being used in production mode was preventing a CA file from being used. Changed configuration and works fine.