I created a Docker container for talking to the Google API using GoLang. I started off using a SCRATCH container and am getting the error "certificate signed by unknown authority".
Upon changing to ubuntu/alpine I still get the error.
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
Any help solving this issue would be great. I can run the code fine on my mac.
Having done some research, I can see the issue https://github.com/golang/go/issues/24652
but I don't know if this is directly related or if I need to share some certificate with the container.
How to resolve Docker x509: certificate signed by unknown authority error. In order to resolve this error, we have to import the CA certificate in use by the ICP into the system keystore. Then, we have to restart the Docker client for the changes to take effect.
Please run openssl s_client -connect api.snapcraft.io:443 in a local terminal to verify if the TLS connection is working properly. If there's an error, try running sudo update-ca-certificates in a local terminal to update your certificate store.
With scratch, you need to include the trusted certificates in addition to your application inside the image. E.g. if you have the ca-certificates.crt in your project to inject directly:
    FROM scratch
    ADD ca-certificates.crt /etc/ssl/certs/
    ADD main /
    CMD ["/main"]
If you are using a multi stage build and only want the certificates packaged by the distribution vendor, that looks like:
    FROM golang:alpine as build
    # Redundant, current golang images already include ca-certificates
    RUN apk --no-cache add ca-certificates
    WORKDIR /go/src/app
    COPY . .
    RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'

    FROM scratch
    # copy the ca-certificate.crt from the build stage
    COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
    COPY --from=build /go/bin/app /app
    ENTRYPOINT ["/app"]