Why Does My GoLang Docker Container Get a 'certificate signed by unknown authority' Error?

Docker Container Issue: Error Certificate Signed by Unknown Authority

Running a Docker container using GoLang's http.Client can result in the error message "certificate signed by unknown authority." This issue has been encountered when creating a container from scratch or using Ubuntu/Alpine images.

To understand the problem, it's important to note that http.Client uses the TLS configuration in the system's certificate store. When a container is created from scratch, it doesn't have any trusted certificates by default.

Solution:

The solution to this issue depends on the type of Docker image you're using:

Scratch Image:

1. Include the trusted certificates in your image. For example, you can add a ca-certificates.crt file to the /etc/ssl/certs directory:

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]

Multi-Stage Image:

1. Add the ca-certificates package during the build stage:

FROM golang:alpine as build
RUN apk --no-cache add ca-certificates

2. Copy the certificates from the build stage to the final image:

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]

By including the trusted certificates in the Docker image, your http.Client will be able to verify the server certificate and successfully make HTTPS requests to Google's API.

The above is the detailed content of Why Does My GoLang Docker Container Get a 'certificate signed by unknown authority' Error?. For more information, please follow other related articles on the PHP Chinese website!