I'm using Terraform as part of my DevOps pipeline tools. I recently changed my PC and Terraform stopped working. My Terraform runs inside a Docker Desktop container. The new PC has Windows 11, and I can run Terraform from it without getting the certification problem, but Docker can't init Terraform and I'm getting this error:
terraform x509: certificate signed by unknown authority
I have tried to manually copy and paste certificates from the host to the container, but nothing helped.
Solved by adding a certificate to container /etc/ssl/certs/ca-certificates.crt
If you come to this Q&A while using the vSphere Terraform Provider and you have already added your root CA certificate to your OS, make sure to also add all intermediate CA certificates to your OS. Normally, you do not do this as a client, but Terraform seems to need that. I did not find any docs that mention this explicitly, but you can derive it from these docs, which describe how you can set up a custom Terraform container, where they explicitly add intermediate CA certificates:
    FROM ubuntu:bionic

    # Install required software for Terraform Enterprise.
    RUN DEBIAN_FRONTEND=noninteractive && \
        apt-get update && \
        apt-get install -y --no-install-recommends awscli ca-certificates curl daemontools git-core iproute2 netcat-openbsd openssh-client psmisc redis-tools ssh sudo unzip wget

    # Include all necessary CA certificates.
    ADD example-root-ca.crt /usr/local/share/ca-certificates/
    ADD example-intermediate-ca.crt /usr/local/share/ca-certificates/
    RUN update-ca-certificates
Make sure that whenever you add certificates to your certificate store, you also merge them into your certificate store with update-ca-certificates (Debian/Ubuntu) or update-ca-trust (CentOS/RHEL).