[Docker] SearXNG SSL Error - DPI breaks on version 2025.5.20-a195f52 and onwards #4830
Description
Version of SearXNG, commit number if you are using on master branch and stipulate if you forked SearXNG
2025.5.21-156d1eb
How did you install SearXNG?
docker pull searxng/searxng
(The last version was installed through Watchtower)
What happened?
SearXNG completely breaks. I use a DPI certificate, which is installed in the docker host, and gets used by SeraXNG when connecting to search engines. Any version 2025.5.20-a195f52 and onwards will log this:
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_client.py", line 1540, in request
return await self.send(request, auth=auth, follow_redirects=follow_redirects)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_client.py", line 1629, in send
response = await self._send_handling_auth(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...<4 lines>...
)
^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_client.py", line 1657, in _send_handling_auth
response = await self._send_handling_redirects(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...<3 lines>...
)
^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_client.py", line 1694, in _send_handling_redirects
response = await self._send_single_request(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_client.py", line 1730, in _send_single_request
response = await transport.handle_async_request(request)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_transports/default.py", line 393, in handle_async_request
with map_httpcore_exceptions():
~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/contextlib.py", line 162, in exit
self.gen.throw(value)
~~~~~~~~~~~~~~^^^^^^^
File "/usr/local/searxng/venv/lib/python3.13/site-packages/httpx/_transports/default.py", line 118, in map_httpcore_exceptions
raise mapped_exc(message) from exc
httpx.ConnectError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1028)
How To Reproduce
- Use 2025.5.20-a195f52 or newer
- Use a Deep Packet Inspection certificate to decrypt traffic between the SearXNG container and the internet.
- Enforce DPI at the firewall level for the docker host.
- Create a read-only volume mapping on /etc/ssl/certs for both host and container.
Expected behavior
Before 2025.5.20-a195f52, SearXNG was working as expected.
Screenshots & Logs
Additional context
The current workaround is to revert to version 2025.5.18-5dff826 where it works as expected under this configuration.