build: bump alpine version on Dockerfile to prevent certificate error on geodes by thomas-roux-cnes · Pull Request #2004 · CS-SI/eodag

thomas-roux-cnes · 2026-01-20T10:09:21Z

Description

The current Docker file does not contain the latest Hellenic Academic and Research Institutions CA that is used by GEODES API (https://geodes-portal.cnes.fr). This lead to a download error from eodag cli.

/etc/ssl/certs $ eodag download -f /var/lib/data/lis-cwl/creds.yml --stac-item https://geo
des-portal.cnes.fr/api/stac/collections/THEIA_REFLECTANCE_SENTINEL2_L2A/items/URN:FEATURE:
DATA:gdh:a70f1345-1952-3104-80d3-d8e9b8acbe1b:V1
Traceback (most recent call last):
  File "/usr/local/bin/eodag", line 8, in <module>
    sys.exit(eodag())
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1485, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1406, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1904, in invoke
    rv.append(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 1269, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python3.10/site-packages/click/core.py", line 824, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/click/decorators.py", line 34, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/eodag/cli.py", line 612, in download
    search_results.extend(satim_api.import_stac_items(list(stac_items)))
  File "/usr/local/lib/python3.10/site-packages/eodag/api/core.py", line 2423, in import_stac_items
    json_items.extend(fetch_stac_items(item_url))
  File "/usr/local/lib/python3.10/site-packages/eodag/utils/stac_reader.py", line 128, in fetch_stac_items
    stac_obj = pystac.read_file(stac_path, stac_io=stac_io)
  File "/usr/local/lib/python3.10/site-packages/pystac/__init__.py", line 168, in read_file
    return stac_io.read_stac_object(href)
  File "/usr/local/lib/python3.10/site-packages/pystac/stac_io.py", line 229, in read_stac_object
    d = self.read_json(source, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/pystac/stac_io.py", line 200, in read_json
    txt = self.read_text(source, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/eodag/utils/stac_reader.py", line 101, in __call__
    raise STACOpenerError(f"No opener available to open {url}")
eodag.utils.exceptions.STACOpenerError: No opener available to open https://geodes-portal.cnes.fr/api/stac/collections/THEIA_REFLECTANCE_SENTINEL2_L2A/items/URN:FEATURE:DATA:gdh:a70f1345-1952-3104-80d3-d8e9b8acbe1b:V1

Certs installed:

/etc/ssl/certs $ ls -al | grep Hellenic
lrwxrwxrwx    1 root     root            67 Nov 13  2021 1636090b.0 -> ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
lrwxrwxrwx    1 root     root            67 Nov 13  2021 32888f65.0 -> ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem
lrwxrwxrwx    1 root     root            71 Nov 13  2021 7719f463.0 -> ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem
lrwxrwxrwx    1 root     root            98 Nov 13  2021 ca-cert-Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt
lrwxrwxrwx    1 root     root            94 Nov 13  2021 ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt
lrwxrwxrwx    1 root     root            94 Nov 13  2021 ca-cert-Hellenic_Academic_and_Research_Institutions_RootCA_2015.pem -> /usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt

Certs used by GEODES API :

$ openssl s_client -showcerts -connect geodes-portal.cnes.fr:443
CONNECTED(00000003)
depth=2 C = GR, O = Hellenic Academic and Research Institutions CA, CN = HARICA TLS RSA Root CA 2021
verify return:1
depth=1 C = GR, O = Hellenic Academic and Research Institutions CA, CN = GEANT TLS RSA 1
verify return:1
depth=0 C = FR, ST = \C3\8Ele-de-France, L = Paris, O = Centre National D'\C3\A9tudes Spatiales, CN = geodes-portal.cnes.fr
verify return:1

…S API)

… on geodes (#2004)

Bump alpine version on DockerFile to prevent certificate error (GEODE…

85ae470

…S API)

thomas-roux-cnes changed the title ~~Bump alpine version on DockerFile to prevent certificate error (GEODES API)~~ fix: Bump alpine version on DockerFile to prevent certificate error (GEODES API) Jan 20, 2026

sbrunato changed the title ~~fix: Bump alpine version on DockerFile to prevent certificate error (GEODES API)~~ build: bump alpine version on Dockerfile to prevent certificate error on geodes Feb 12, 2026

sbrunato merged commit 9cf737b into CS-SI:develop Feb 12, 2026
15 of 32 checks passed

sbrunato added this to the 4.0.0b2.dev milestone Feb 12, 2026

sbrunato pushed a commit that referenced this pull request Mar 12, 2026

build: bump alpine version on Dockerfile to prevent certificate error…

bdc6b86

… on geodes (#2004)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build: bump alpine version on Dockerfile to prevent certificate error on geodes#2004

build: bump alpine version on Dockerfile to prevent certificate error on geodes#2004
sbrunato merged 1 commit intoCS-SI:developfrom
thomas-roux-cnes:develop

thomas-roux-cnes commented Jan 20, 2026 •

edited by sbrunato

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Conversation

thomas-roux-cnes commented Jan 20, 2026 • edited by sbrunato Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

thomas-roux-cnes commented Jan 20, 2026 •

edited by sbrunato

Loading