Skip to content

ConnectError: invalid peer certificate: UnknownIssuer when running Docker image #75

New issue
New issue
Open
Open
ConnectError: invalid peer certificate: UnknownIssuer when running Docker image#75
@edengby

Description

@edengby
edengby
opened on Mar 16, 2025

Title:
ConnectError: invalid peer certificate: UnknownIssuer when running Docker image

Body:
Hello everyone,

I’m encountering a certificate-related error when building and running the voice-pipeline-agent-node in Docker. I see the following error in the container logs:

ConnectError: engine: signal failure: ws failure: IO error: invalid peer certificate: UnknownIssuer
    at Room.connect (.../node_modules/.pnpm/@livekit+rtc-node@0.13.3/node_modules/@livekit/rtc-node/dist/room.js:293:15)
    at async JobContext.connect (.../node_modules/.pnpm/@livekit+agents@0.5.1_@livekit+rtc-node@0.13.3/node_modules/@livekit/agents/dist/job.js:100:5)
    at async entry (.../dist/agent.js:56:9)

Dockerfile

# === 1) Build stage ===
FROM node:20-slim AS build

WORKDIR /app

# Copy package files (for deterministic dependency installs)
COPY package.json pnpm-lock.yaml ./

# Install pnpm
RUN npm install -g pnpm

# Install dependencies (dev + prod) and build
RUN pnpm install
COPY . .
RUN pnpm build

# === 2) Production stage ===
FROM node:20-slim

WORKDIR /app

# Copy only compiled output
COPY --from=build /app/dist ./dist

# Copy package files again
COPY --from=build /app/package.json /app/pnpm-lock.yaml ./

# Install pnpm
RUN npm install -g pnpm

# Install only production dependencies
RUN pnpm install --prod

# Default command
CMD ["node", "dist/agent.js", "dev"]

What I Tried

  • Built the Docker image as shown above and ran it.
  • The agent attempts to connect to the LiveKit server but fails with invalid peer certificate: UnknownIssuer.

Steps to Reproduce

  1. Clone the repository.
  2. Put the above Dockerfile into the project folder.
  3. Build and run the Docker image: 
    docker build -t livekit-agent .
docker run -p 3000:3000 livekit-agent
  4. Observe the logs in the container: 
    ConnectError: engine: signal failure: ws failure: IO error: invalid peer certificate: UnknownIssuer
...

Additional Context

  • Node version: 20 (via node:20-slim)
  • LiveKit dependencies:
    • @livekit/rtc-node@0.13.3
    • @livekit/agents@0.5.1
  • The error suggests there might be an issue with TLS or certificate trust when the agent attempts to connect.

Is there any recommended way to configure the certificate validation or handle self-signed certificates for development/test environments? Any pointers or known workarounds would be greatly appreciated!

Thanks in advance for your help. Let me know if I can provide more details.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions