Why Does My AWS SES Send Fail with \'x509: certificate signed by unknown authority\' and How Do I Fix It?

AWS SES Error: Unknown Authority for Certificate

When attempting to send emails through AWS SES from a staging environment, users may encounter the error "Post https://email.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority." This error indicates that the SSL certificate used by AWS SES is not recognized by the client.

Solution:

The issue arises when using Alpine Linux docker images, which lack root certificates required to validate the SSL certificate. To resolve this, append the following lines to your Dockerfile:

FROM alpine:3.6 as alpine

RUN apk add -U --no-cache ca-certificates

FROM scratch
COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

Explanation:

The first line creates an alpine layer and installs ca-certificates, which contain trusted root certificates. The second line creates a new scratch layer and copies the root certificates from the alpine layer. By incorporating these certificates, your Docker image can now validate the AWS SES SSL certificate.

The above is the detailed content of Why Does My AWS SES Send Fail with \'x509: certificate signed by unknown authority\' and How Do I Fix It?. For more information, please follow other related articles on the PHP Chinese website!