CERTIFICATE_VERIFY_FAILED when trying to astro dev start behind a corporate proxy


Newbie here trying to install Astro CLI for the first time.
I know I usually have issues with SSL certificates when trying to install anything via pip or when fetching from external sites (e.g. github). To solve this, I’ve added our proxy’s root certificate to my local certificate store and that usually solves the problem.
In this case, however, I don’t know how to do it, because I know the installation is happening inside the container, so I don’t know how to add the root certificate from my system to the container definition.

I’m on Windows, using version 9.5.0 of the astro runtime.

Any advice is appreciated. Thanks!

Hi @nathome, Welcome to the Astro Community, Glad to see you using the Astro CLI.

If you need your Astro Airflow to communicate securely with a remote service using a certificate signed by an untrusted or internal certificate authority (CA), you need to add the CA certificate to the trust store inside your Astro project’s Docker image.

  1. In your Astro project Dockerfile, add the following entry below the existing FROM statement which specifies your Astro Runtime image version:
USER root
COPY <internal-ca.crt> /usr/local/share/ca-certificates/<your-company-name>/
RUN update-ca-certificates
USER astro
  1. Optional. Add additional COPY statements before the RUN update-ca-certificates stanza for each CA certificate your organization is using for external access.

  2. Restart your local environment or deploy to Astro.

Reference - Add a CA certificate to an Astro Runtime image

I hope this helps and works for you!

Akash Laddha

@iamakashladdha - Thanks so much for the information. I will follow the steps you provided and get back if I continue to have any issues.

Sure @nathome Happy to help! Excited for you to start using Astro CLI!