 

Docker container running golang http.Client getting error `certificate signed by unknown authority`


I created a Docker container for talking to the Google API using GoLang. I started off using a SCRATCH container and am getting the error `certificate signed by unknown authority`. Upon changing to ubuntu/alpine I still get the error.

```go
resp, err := client.Get("https://www.googleapis.com/oauth2/v3/userinfo")
```

Any help solving this issue would be great. I can run the code fine on my mac.

Having done some research I can see the issue https://github.com/golang/go/issues/24652, but I don't know if this is directly related or if I need to share some certificate with the container.

Westy10101 asked Oct 24 '18 12:10


1 Answer

With scratch, you need to include the trusted certificates in addition to your application inside the image. E.g. if you have the ca-certificates.crt in your project to inject directly:

```dockerfile
FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]
```

If you are using a multi stage build and only want the certificates packaged by the distribution vendor, that looks like:

```dockerfile
FROM golang:alpine as build
# Redundant, current golang images already include ca-certificates
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'

FROM scratch
# copy the ca-certificate.crt from the build stage
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]
```

BMitch answered Sep 24 '22 05:09
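The following is an added example, not code from the question or the answer. It reproduces the error offline by giving `http.Client` an empty trust store (what a scratch image without `ca-certificates.crt` amounts to) and then clears it by loading a PEM bundle. The names `clientWithRoots`, `probe` and `demo` are hypothetical, and the local `httptest` server stands in for the real API.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// clientWithRoots returns an http.Client that trusts only the CAs in pemBundle.
// An empty bundle models an image with no /etc/ssl/certs/ca-certificates.crt.
func clientWithRoots(pemBundle []byte) *http.Client {
	pool := x509.NewCertPool()
	pool.AppendCertsFromPEM(pemBundle) // adds nothing when the bundle is empty
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool},
	}}
}

// probe performs a GET and classifies the outcome.
func probe(c *http.Client, url string) string {
	resp, err := c.Get(url)
	if err != nil {
		var ua x509.UnknownAuthorityError
		if errors.As(err, &ua) {
			return "unknown authority"
		}
		return "other error: " + err.Error()
	}
	resp.Body.Close()
	return "ok"
}

// demo probes a constructed local TLS server: first with an empty trust
// store, then with the server's own certificate loaded as the bundle.
func demo() (empty, withBundle string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "hello")
	}))
	defer srv.Close()
	bundle := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	return probe(clientWithRoots(nil), srv.URL), probe(clientWithRoots(bundle), srv.URL)
}

func main() {
	fmt.Println(demo())
}
```

In a real image the bundle stays at `/etc/ssl/certs/ca-certificates.crt` and `RootCAs` is left nil so Go reads the system store; the explicit pool here only makes the two cases reproducible without network access.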