Can't use acme.sh generated TLS certifications for monitor remote docker instance #5592

bobwng opened this issue Feb 1, 2025 · 0 comments
bobwng commented Feb 1, 2025

⚠️ Please verify that this question has NOT been raised before.

  • I checked and didn't find similar issue

🛡️ Security Policy

📝 Describe your problem

I've set up uptime-kuma as a Docker container, and everything works well, including monitoring its own Docker host.

Then I tried to monitor a remote Docker host whose TLS certificates were generated by acme.sh through Let's Encrypt.

After the Docker host was set up, I tested the TLS connection with the command below inside the uptime-kuma Docker container, and found that it works:

curl --cacert /app/data/docker-tls/docker.example.com/ca.pem \
     --cert /app/data/docker-tls/docker.example.com/cert.pem \
     --key /app/data/docker-tls/docker.example.com/key.pem \
     https://docker.example.com:2376/version
{"Platform":{"Name":""},"Components":[{"Name":"Engine","Version":"20.10.21","Details":{"ApiVersion":"1.41","Arch":"amd64","BuildTime":"2022-11-01T18:04:01.000000000+00:00","Experimental":"false","GitCommit":"3056208812eb5e792fa99736c9167d1e10f4ab49","GoVersion":"go1.19.3","KernelVersion":"5.15.81-0-virt","MinAPIVersion":"1.12","Os":"linux"}},{"Name":"containerd","Version":"v1.6.12","Details":{"GitCommit":"a05d175400b1145e5e6a735a6710579d181e7fb0"}},{"Name":"runc","Version":"1.1.4","Details":{"GitCommit":"5fd4c4d144137e991c4acebb2146ab1483a97925"}},{"Name":"docker-init","Version":"0.19.0","Details":{"GitCommit":""}}],"Version":"20.10.21","ApiVersion":"1.41","MinAPIVersion":"1.12","GitCommit":"3056208812eb5e792fa99736c9167d1e10f4ab49","GoVersion":"go1.19.3","Os":"linux","Arch":"amd64","KernelVersion":"5.15.81-0-virt","BuildTime":"2022-11-01T18:04:01.000000000+00:00"}

But when I clicked the 'Test' button on the "Setup Docker Host" page, the backend printed the logs below:

uptime-kuma  | AxiosError: unable to get issuer certificate
uptime-kuma  |     at AxiosError.from (/app/node_modules/axios/lib/core/AxiosError.js:86:14)
uptime-kuma  |     at RedirectableRequest.handleRequestError (/app/node_modules/axios/lib/adapters/http.js:391:25)
uptime-kuma  |     at RedirectableRequest.emit (node:events:517:28)
uptime-kuma  |     at eventHandlers.<computed> (/app/node_modules/follow-redirects/index.js:49:24)
uptime-kuma  |     at ClientRequest.emit (node:events:517:28)
uptime-kuma  |     at TLSSocket.socketErrorListener (node:_http_client:501:9)
uptime-kuma  |     at TLSSocket.emit (node:events:517:28)
uptime-kuma  |     at emitErrorNT (node:internal/streams/destroy:151:8)
uptime-kuma  |     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
uptime-kuma  |     at process.processTicksAndRejections (node:internal/process/task_queues:82:21) {
uptime-kuma  |   code: 'UNABLE_TO_GET_ISSUER_CERT',
uptime-kuma  |   config: {
uptime-kuma  |     transitional: {
uptime-kuma  |       silentJSONParsing: true,
uptime-kuma  |       forcedJSONParsing: true,
uptime-kuma  |       clarifyTimeoutError: false
uptime-kuma  |     },
uptime-kuma  |     adapter: [Function: httpAdapter],
uptime-kuma  |     transformRequest: [ [Function: transformRequest] ],
uptime-kuma  |     transformResponse: [ [Function: transformResponse] ],
uptime-kuma  |     timeout: 0,
uptime-kuma  |     xsrfCookieName: 'XSRF-TOKEN',
uptime-kuma  |     xsrfHeaderName: 'X-XSRF-TOKEN',
uptime-kuma  |     maxContentLength: -1,
uptime-kuma  |     maxBodyLength: -1,
uptime-kuma  |     env: { FormData: [Function], Blob: [class Blob] },
uptime-kuma  |     validateStatus: [Function: validateStatus],
uptime-kuma  |     headers: { Accept: '*/*', 'User-Agent': 'Uptime-Kuma/1.23.16' },
uptime-kuma  |     url: '/containers/json?all=true',
uptime-kuma  |     baseURL: 'https://docker.example.com:2376',
uptime-kuma  |     httpsAgent: Agent {
uptime-kuma  |       _events: [Object: null prototype],
uptime-kuma  |       _eventsCount: 2,
uptime-kuma  |       _maxListeners: undefined,
uptime-kuma  |       defaultPort: 443,
uptime-kuma  |       protocol: 'https:',
uptime-kuma  |       options: [Object: null prototype],
uptime-kuma  |       requests: [Object: null prototype] {},
uptime-kuma  |       sockets: [Object: null prototype],
uptime-kuma  |       freeSockets: [Object: null prototype] {},
uptime-kuma  |       keepAliveMsecs: 1000,
uptime-kuma  |       keepAlive: false,
uptime-kuma  |       maxSockets: Infinity,
uptime-kuma  |       maxFreeSockets: 256,
uptime-kuma  |       scheduling: 'lifo',
uptime-kuma  |       maxTotalSockets: Infinity,
uptime-kuma  |       totalSocketCount: 1,
uptime-kuma  |       maxCachedSessions: 0,
uptime-kuma  |       _sessionCache: [Object],
uptime-kuma  |       [Symbol(kCapture)]: false
uptime-kuma  |     },
uptime-kuma  |     method: 'get',
uptime-kuma  |     data: undefined
uptime-kuma  |   },
uptime-kuma  |   request: <ref *1> Writable {
uptime-kuma  |     _writableState: WritableState {
uptime-kuma  |       objectMode: false,
uptime-kuma  |       highWaterMark: 16384,
uptime-kuma  |       finalCalled: false,
uptime-kuma  |       needDrain: false,
uptime-kuma  |       ending: false,
uptime-kuma  |       ended: false,
uptime-kuma  |       finished: false,
uptime-kuma  |       destroyed: false,
uptime-kuma  |       decodeStrings: true,
uptime-kuma  |       defaultEncoding: 'utf8',
uptime-kuma  |       length: 0,
uptime-kuma  |       writing: false,
uptime-kuma  |       corked: 0,
uptime-kuma  |       sync: true,
uptime-kuma  |       bufferProcessing: false,
uptime-kuma  |       onwrite: [Function: bound onwrite],
uptime-kuma  |       writecb: null,
uptime-kuma  |       writelen: 0,
uptime-kuma  |       afterWriteTickInfo: null,
uptime-kuma  |       buffered: [],
uptime-kuma  |       bufferedIndex: 0,
uptime-kuma  |       allBuffers: true,
uptime-kuma  |       allNoop: true,
uptime-kuma  |       pendingcb: 0,
uptime-kuma  |       constructed: true,
uptime-kuma  |       prefinished: false,
uptime-kuma  |       errorEmitted: false,
uptime-kuma  |       emitClose: true,
uptime-kuma  |       autoDestroy: true,
uptime-kuma  |       errored: null,
uptime-kuma  |       closed: false,
uptime-kuma  |       closeEmitted: false,
uptime-kuma  |       [Symbol(kOnFinished)]: []
uptime-kuma  |     },
uptime-kuma  |     _events: [Object: null prototype] {
uptime-kuma  |       response: [Function: handleResponse],
uptime-kuma  |       error: [Function: handleRequestError],
uptime-kuma  |       socket: [Function: handleRequestSocket]
uptime-kuma  |     },
uptime-kuma  |     _eventsCount: 3,
uptime-kuma  |     _maxListeners: undefined,
uptime-kuma  |     _options: {
uptime-kuma  |       maxRedirects: 21,
uptime-kuma  |       maxBodyLength: Infinity,
uptime-kuma  |       protocol: 'https:',
uptime-kuma  |       path: '/containers/json?all=true',
uptime-kuma  |       method: 'GET',
uptime-kuma  |       headers: [Object],
uptime-kuma  |       agents: [Object],
uptime-kuma  |       auth: undefined,
uptime-kuma  |       beforeRedirect: [Function: dispatchBeforeRedirect],
uptime-kuma  |       beforeRedirects: [Object],
uptime-kuma  |       hostname: 'docker.example.com',
uptime-kuma  |       port: '2376',
uptime-kuma  |       agent: [Agent],
uptime-kuma  |       nativeProtocols: [Object],
uptime-kuma  |       pathname: '/containers/json',
uptime-kuma  |       search: '?all=true'
uptime-kuma  |     },
uptime-kuma  |     _ended: true,
uptime-kuma  |     _ending: true,
uptime-kuma  |     _redirectCount: 0,
uptime-kuma  |     _redirects: [],
uptime-kuma  |     _requestBodyLength: 0,
uptime-kuma  |     _requestBodyBuffers: [],
uptime-kuma  |     _onNativeResponse: [Function (anonymous)],
uptime-kuma  |     _currentRequest: ClientRequest {
uptime-kuma  |       _events: [Object: null prototype],
uptime-kuma  |       _eventsCount: 7,
uptime-kuma  |       _maxListeners: undefined,
uptime-kuma  |       outputData: [],
uptime-kuma  |       outputSize: 0,
uptime-kuma  |       writable: true,
uptime-kuma  |       destroyed: false,
uptime-kuma  |       _last: true,
uptime-kuma  |       chunkedEncoding: false,
uptime-kuma  |       shouldKeepAlive: false,
uptime-kuma  |       maxRequestsOnConnectionReached: false,
uptime-kuma  |       _defaultKeepAlive: true,
uptime-kuma  |       useChunkedEncodingByDefault: false,
uptime-kuma  |       sendDate: false,
uptime-kuma  |       _removedConnection: false,
uptime-kuma  |       _removedContLen: false,
uptime-kuma  |       _removedTE: false,
uptime-kuma  |       strictContentLength: false,
uptime-kuma  |       _contentLength: 0,
uptime-kuma  |       _hasBody: true,
uptime-kuma  |       _trailer: '',
uptime-kuma  |       finished: true,
uptime-kuma  |       _headerSent: true,
uptime-kuma  |       _closed: false,
uptime-kuma  |       socket: [TLSSocket],
uptime-kuma  |       _header: 'GET /containers/json?all=true HTTP/1.1\r\n' +
uptime-kuma  |         'Accept: */*\r\n' +
uptime-kuma  |         'User-Agent: Uptime-Kuma/1.23.16\r\n' +
uptime-kuma  |         'Host: docker.example.com:2376\r\n' +
uptime-kuma  |         'Connection: close\r\n' +
uptime-kuma  |         '\r\n',
uptime-kuma  |       _keepAliveTimeout: 0,
uptime-kuma  |       _onPendingData: [Function: nop],
uptime-kuma  |       agent: [Agent],
uptime-kuma  |       socketPath: undefined,
uptime-kuma  |       method: 'GET',
uptime-kuma  |       maxHeaderSize: undefined,
uptime-kuma  |       insecureHTTPParser: undefined,
uptime-kuma  |       joinDuplicateHeaders: undefined,
uptime-kuma  |       path: '/containers/json?all=true',
uptime-kuma  |       _ended: false,
uptime-kuma  |       res: null,
uptime-kuma  |       aborted: false,
uptime-kuma  |       timeoutCb: null,
uptime-kuma  |       upgradeOrConnect: false,
uptime-kuma  |       parser: null,
uptime-kuma  |       maxHeadersCount: null,
uptime-kuma  |       reusedSocket: false,
uptime-kuma  |       host: 'docker.example.com',
uptime-kuma  |       protocol: 'https:',
uptime-kuma  |       _redirectable: [Circular *1],
uptime-kuma  |       [Symbol(kCapture)]: false,
uptime-kuma  |       [Symbol(kBytesWritten)]: 0,
uptime-kuma  |       [Symbol(kNeedDrain)]: false,
uptime-kuma  |       [Symbol(corked)]: 0,
uptime-kuma  |       [Symbol(kOutHeaders)]: [Object: null prototype],
uptime-kuma  |       [Symbol(errored)]: null,
uptime-kuma  |       [Symbol(kHighWaterMark)]: 16384,
uptime-kuma  |       [Symbol(kRejectNonStandardBodyWrites)]: false,
uptime-kuma  |       [Symbol(kUniqueHeaders)]: null
uptime-kuma  |     },
uptime-kuma  |     _currentUrl: 'https://docker.example.com:2376/containers/json?all=true',
uptime-kuma  |     [Symbol(kCapture)]: false
uptime-kuma  |   },
uptime-kuma  |   cause: Error: unable to get issuer certificate
uptime-kuma  |       at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
uptime-kuma  |       at TLSSocket.emit (node:events:517:28)
uptime-kuma  |       at TLSSocket._finishInit (node:_tls_wrap:1070:8)
uptime-kuma  |       at ssl.onhandshakedone (node:_tls_wrap:856:12) {
uptime-kuma  |     code: 'UNABLE_TO_GET_ISSUER_CERT'
uptime-kuma  |   }
uptime-kuma  | }

NOTE: I've masked my docker host's FQDN name

I modified some code to print the details of httpsAgent before submitting the request to the Docker host, and found that the httpsAgent has been configured properly.

Is there anything I've done wrong? Or is there a compatibility issue between Let's Encrypt certificates and axios?

📝 Error Message(s) or Log

No response

🐻 Uptime-Kuma Version

1.23.16

💻 Operating System and Arch

Ubuntu 24.04.1 LTS x64

🌐 Browser

Google Chrome

🖥️ Deployment Environment

  • Runtime:
    Server: Docker Engine - Community
    Engine:
    Version: 27.3.1
    API version: 1.47 (minimum version 1.24)
    Go version: go1.22.7
    Git commit: 41ca978
    Built: Fri Sep 20 11:40:59 2024
    OS/Arch: linux/amd64
    Experimental: false
    containerd:
    Version: 1.7.23
    GitCommit: 57f17b0a6295a39009d861b89e3b3b87b005ca27
    runc:
    Version: 1.1.14
    GitCommit: v1.1.14-0-g2c9f560
    docker-init:
    Version: 0.19.0
    GitCommit: de40ad0

  • kuma's image:
    louislam/uptime-kuma 1 542ef8cfcae2 6 weeks ago 440MB

  • Database: sqlite/embedded

  • Filesystem used to store the database on: SSD

  • number of monitors: 20

@bobwng bobwng added the help label Feb 1, 2025
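
An added diagnostic example, not part of the original issue or of Uptime Kuma's code: it reproduces "unable to get issuer certificate" with a throwaway PKI and shows the one verification setting that separates a passing check from a failing one. It assumes, because the issue does not show the file's contents, that ca.pem holds only the issuing intermediate (what acme.sh writes as its CA file) and no self-signed root; curl's OpenSSL backend accepts such a partial chain by default, while Node.js requires the chain to end at a self-signed root once a custom CA is supplied. All file and subject names are constructed.

```shell
#!/bin/sh
# Added example: throwaway PKI (root -> intermediate -> leaf). Every file
# name and subject below is constructed for the demonstration.

make_pki() {  # $1 = empty work directory
  d=$1
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf; do  # one key and CSR per certificate
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  # Self-signed root, intermediate signed by root, leaf signed by intermediate.
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 1 -days 2 -extfile "$d/ca.ext" \
    -out "$d/int.pem" 2>/dev/null || return 1
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 2 -days 2 -out "$d/leaf.pem" 2>/dev/null || return 1
  # Trust file that also contains the root, so the chain can be completed.
  cat "$d/int.pem" "$d/root.pem" > "$d/bundle.pem"
}

# Strict chain building: the trust file must lead to a self-signed root.
verify_strict()  { openssl verify -CAfile "$1" "$2" 2>&1; }
# Partial-chain mode: any certificate in the trust file may anchor the chain.
verify_partial() { openssl verify -partial_chain -CAfile "$1" "$2" 2>&1; }

demo() {
  d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  echo "--- intermediate only, strict (expected to fail with error 2):"
  verify_strict "$d/int.pem" "$d/leaf.pem" || true
  echo "--- intermediate only, partial chain allowed:"
  verify_partial "$d/int.pem" "$d/leaf.pem" || true
  echo "--- intermediate plus root, strict:"
  verify_strict "$d/bundle.pem" "$d/leaf.pem" || true
  rm -rf "$d"
}
demo
```

To run the same check against real files, call `verify_strict ca.pem cert.pem`; if that fails and `verify_partial` passes, the CA file needs the root certificate appended for clients that build the chain strictly.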