X509: Certificate Signed by Unknown Authority (Running a Go App Inside a Docker Container)
This story is available free of charge at https://preslav.me.
If you ever get the following message:
x509: certificate signed by unknown authority
While running your Go app in a Docker container, there is a chance that you might not have the necessary trusted certificates installed in your Docker container. Assuming that you run your Go apps in lightweight containers, based on Scratch or Alpine, you will have to add the certificates yourselves.
On Alpine, this can be done using the default package installer:
RUN apk --no-cache add ca-certificates
Since Scratch is not based on a particular distribution you would have to download the certificates manually and add them as part of the build process:
ADD ca-certificates.crt /etc/ssl/certs/
Further Reading
I am a software engineer at KI labs GmbH and advocate for strong developer culture. In my free time, I enjoy running in the woods, reading a great book, or working on my next piece of writing/music.