How to Fix 'certificate signed by unknown authority' Errors in GoLang Docker Containers?

Resolving "certificate signed by unknown authority" Error in Docker Container for GoLang HTTP Client

When running a Docker container for accessing the Google API using GoLang's http.Client, you may encounter the error "certificate signed by unknown authority." This issue arises when the container lacks the necessary trusted certificates to verify the API server's certificate.

Scratch Container

With a SCRATCH container, it's crucial to include the trusted certificates in the container alongside your application. To achieve this, add the ca-certificates.crt file directly to the container:

FROM scratch
ADD ca-certificates.crt /etc/ssl/certs/
ADD main /
CMD ["/main"]

Multi-Stage Build

If using a multi-stage build, you can leverage certificates packaged by the distribution vendor by modifying the Dockerfile:

FROM golang:alpine as build
RUN apk --no-cache add ca-certificates
WORKDIR /go/src/app
COPY . .
RUN CGO_ENABLED=0 go-wrapper install -ldflags '-extldflags "-static"'

FROM scratch
COPY --from=build /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=build /go/bin/app /app
ENTRYPOINT ["/app"]

By incorporating these modifications, you provide the container with the necessary certificates to establish a secure connection and eliminate the "certificate signed by unknown authority" error, enabling successful GoLang HTTP client interactions with the Google API.

The above is the detailed content of How to Fix 'certificate signed by unknown authority' Errors in GoLang Docker Containers?. For more information, please follow other related articles on the PHP Chinese website!