The base image of sonarqube-scan does not yet know our new TLS root certificate

Version used:

  • sonarsource/sonarqube-scan:1.0.0

Error observed:

Our certificate is valid and also not expired. The problem is that the Let’s Encrypt root certificate DST Root CA X3 expired at the end of September 2021 and therefore the new root certificate ISRG Root X1 is automatically used for newly issued certificates from Let’s Encrypt since a few months. However, older software components, e.g. operating systems, libraries or even Java versions, partly do not know this root certificate and therefore report that our TLS certificate is invalid or has expired.

Status: Downloaded newer image for sonarsource/sonarqube-quality-gate:1.0.0
curl: (60) SSL certificate problem: certificate has expired

More details here:
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Steps to reproduce:

Not needed.


Increase the version of the base image in the Dockerfile to alpine:3.14