Unable to pin CID to remote pinning service (Pinata) from Docker container

Question

I am having trouble using the IPFS CLI to pin a CID to a remote service (Pinata) from within a Docker container. This works fine when running from the host.

I am calling the following from the Dockerfile:

# Pull base image
ARG AWS_ACCOUNT_ID
ARG AWS_DEFAULT_REGION
FROM ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_DEFAULT_REGION}.amazonaws.com/<REPO>:latest as build

# Set working directory
WORKDIR /usr/app
COPY . /usr/app

EXPOSE 80
EXPOSE 443

CMD ["bash", "/usr/app/persist-ipns.sh"]

In persist-ipns.sh, I am fetching a directory from a remote repo, adding it to IPFS, and then pinning the CID to Pinata.

#!/bin/bash
BUCKET=<BUCKET_NAME>
DIR=<DIRECTORY>

# Start IPFS daemon
ipfs daemon &

# Clone S3 bucket containing metadata
mkdir -p $DIR
OBJECT="$(aws s3 ls $BUCKET --recursive | sort | tail -n 1 | awk '{print $4}')"
aws s3 cp s3://$BUCKET/$OBJECT $DIR

# Add directory to IPFS
IPFS_ADD=$(ipfs add -r $DIR)
IPFS_CID=$(echo $IPFS_ADD | awk '{print $2}')
echo IPFS CID: $IPFS_CID

# Push to Pinata
ipfs pin remote add --service=pinata-docker --name=<PIN_NAME> $IPFS_CID

I then face the following error:

Error: empty response from remote pinning service: Post "https://api.pinata.cloud/psa/pins": x509: certificate signed by unknown authority

I have faced this error before in other cases when missing a .pem file. But I am not sure how to resolve this here.

Thank you in advance for the help.

Answer 1

Thank you @larsks. Adding a CA certificate resolved the error:

• Downloaded a CA certificate from Entrust on my host machine
• Added the following to the Dockerfile:

COPY ca.crt /etc/ssl/certs/
RUN apt-get install -y ca-certificates
RUN update-ca-certificates