Home > Backend Development > Golang > How to Fix \'x509: Certificate Signed by Unknown Authority\' Error in Docker Multi-Stage Go Image Builds?

How to Fix \'x509: Certificate Signed by Unknown Authority\' Error in Docker Multi-Stage Go Image Builds?

Mary-Kate Olsen
Release: 2024-11-04 10:57:30
Original
1009 people have browsed it

How to Fix

Troubleshooting "x509: Certificate Signed by Unknown Authority" Error in Docker Multi-Stage Go Image Build

When attempting to build a multi-stage Docker image for a Go application in a private network, you may encounter the following error:

x509: certificate signed by unknown authority
Copy after login

This error arises due to difficulties with certificate verification when downloading dependencies via go get or go mod download. While setting the GIT_SSL_NO_VERIFY environment variable can bypass this issue for Agent environment variables, it does not work when using go get or go mod download.

Solution

To resolve this issue and enable secure certificate verification, you can import the necessary certificates into the CA store of your system using openssl. For instance:

FROM golang:latest as builder

RUN apt-get update && apt-get install -y ca-certificates openssl

ARG cert_location=/usr/local/share/ca-certificates

# Get certificate from "github.com"
RUN openssl s_client -showcerts -connect github.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > ${cert_location}/github.crt
# Get certificate from "proxy.golang.org"
RUN openssl s_client -showcerts -connect proxy.golang.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >  ${cert_location}/proxy.golang.crt
# Update certificates
RUN update-ca-certificates

# Proceed with your build process...
Copy after login

By importing the certificates into the CA store, secure certificate verification is enabled for git dependency retrieval.

Example

The following Dockerfile demonstrates the solution:

FROM golang:latest as builder

RUN apt-get update && apt-get install -y ca-certificates openssl

ARG cert_location=/usr/local/share/ca-certificates

# Get certificate from "github.com"
RUN openssl s_client -showcerts -connect github.com:443 </dev/null 2>/dev/null|openssl x509 -outform PEM > ${cert_location}/github.crt
# Get certificate from "proxy.golang.org"
RUN openssl s_client -showcerts -connect proxy.golang.org:443 </dev/null 2>/dev/null|openssl x509 -outform PEM >  ${cert_location}/proxy.golang.crt
# Update certificates
RUN update-ca-certificates

WORKDIR /app
COPY go.mod go.sum ./
RUN go mod download
COPY . .
RUN  GO111MODULE="on" CGO_ENABLED=0 GOOS=linux go build -o main ${MAIN_PATH}

FROM alpine:latest
LABEL maintainer="Kozmo"
RUN apk add --no-cache bash
WORKDIR /app
COPY --from=builder /app/main .
EXPOSE 8080
CMD ["/main"]
Copy after login

This Dockerfile will import the necessary certificates and update the CA store, allowing for secure certificate verification during dependency retrieval for your Go application build within a private network.

The above is the detailed content of How to Fix \'x509: Certificate Signed by Unknown Authority\' Error in Docker Multi-Stage Go Image Builds?. For more information, please follow other related articles on the PHP Chinese website!

source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Latest Articles by Author
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template