OpenSSL::SSL::SSLError (certificate has expired) with Rails running in a Docker container


I am integrating Auth0 authentication into our stack:

  • a Vue.js 2 SPA
  • a Ruby on Rails API (Ruby 2.7.8, Rails 5.2.5).

Both applications run in Docker containers, within a Docker compose setup.
The container that runs the API uses the image ruby:2.7-buster from DockerHub with a few customizations steps and obviously with the auth0 gem.

I am working with tenant dev-6w4hy15cawy5fx8q (under

Authentication flows as follows:

  1. The user clicks a Sign In button in the Login page of our SPA.
  2. They are redirected to Auth0 login page and log in there.
  3. They are redirected back to the Login page of our SPA.
  4. The Login page picks up on the new authentication status, and posts Auth0 JWT to our API.
  5. Our API creates a new session. In this process, it calls an AuthZero module that contains a Client class, massively inspired from the Auth0Client class described here.

At step 5, I get the following error in our Rails API:
OpenSSL::SSL::SSLError (SSL_connect returned=1 errno=0 state=error: certificate verify failed (certificate has expired)):

The error happens in the get_jwks method of the Client class:

    def get_jwks
      jwks_uri = URI("#{domain_url}.well-known/jwks.json")
      Net::HTTP.get_response jwks_uri

Here is my Auth0 Domain environment variable:

I already checked this thread. I checked the OpenSSL certificates of the Ruby image we are using to run our API. Within this Docker image:

  • We used to have a DST Root CA X3 (outdated) certificate.
    I have deleted it, reinstalled the certificates and rebuilt the image with the updates, which did not fix the OpenSSL error.
  • We already have a ISRG Root X1 certificate.
  • We are using the version 1.1.1 of OpenSSL.

Can you please help me troubleshoot this issue?


Hi @ilpvn and welcome to the Auth0 Community!

You mention your AuthZero module is heavily inspired by our Auth0Client implementation, if that’s the case then could you try setting the AUTH0_DOMAIN env variable to ? and remove the https. The original domain_url method should append the scheme at the beginning.

It could the your OpenSSL error is due to having a bad string.

Let me know if that works!

Hi Carla,
Thanks for your answer.
To be consistent with other environment variables, I had added the https:// flag to the URL and edited the client domain_url method as follow:

  def self.domain_url

Do you have any other suggestion?

Hi Carla,

Which CA is the authority for Auth0 authentication?
Where can I find a list of outdated and required OpenSSL certificates for this CA?

Thank you

just specifying that I also removed the https from my environment variable and updated self.domain_url accordingly

Hi @ilpvn, is this the only endpoint from Auth0 that is failing for you?

From your first message it seems you’ve already tried everything explained here: Auth0 is Down for all our Environments and all our Users are reporting an outage! - #12 by dan.woda

One other thing to check is which version of the SDK you’re using and upgrade to the latest one.

Can you try that and let me know how it goes?

1 Like

Thanks for the help @carlastabile!

Hi Carla,
Thank you for your answer.
Yes, I already tried removing the outdated certificate as outlined in the link above.
Could my Docker setup (volumes) be interfering with the deletion of the certificate?

At the moment, I cannot test this issue further, as I am encountering another error (described in a separate ticket).

I am using version 2.0.1 of auth0-spa-js (vs 2.1.1 being the latest version) and version 4.8.0 on the back-end vs 5.14.1). I will try an update of the SDK.

1 Like

Hi Carla,

I finally solved this error.
We were using an old gem (Ruby library) certified that was overwriting the HTTP class we are using for the call that provides the JWK keys.
Thank you for your time!



Thanks for the update!

1 Like

I’m glad you fixed it! :clap:t2:


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.