Docker Multi-Stage Image Build Error: x509: Certificate Signed by Unknown Authority
This error occurs when building Docker images that rely on Git for dependency management, such as those using the docker-multi-stage-build technique.
Problem Overview
During image building, Git uses the system CA store to verify SSL certificates. However, in private networks, this store may not contain the necessary certificates to connect to external servers like GitHub and proxy.golang.org, resulting in the "x509: certificate signed by unknown authority" error.
Workaround
The problem can be fixed by importing the certificates into the system CA store.
Solution
Get Certificates: Retrieve the certificates for the problematic servers using the following OpenSSL commands:
Revised Dockerfile
The following revised Dockerfile incorporates the certificate import steps:
<code class="dockerfile">FROM golang:latest as builder RUN apt-get update && apt-get install -y ca-certificates openssl ARG cert_location=/usr/local/share/ca-certificates # Get certificate from "github.com" RUN openssl s_client -showcerts -connect github.com:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/github.crt # Get certificate from "proxy.golang.org" RUN openssl s_client -showcerts -connect proxy.golang.org:443 < /dev/null 2> /dev/null | openssl x509 -outform PEM > ${cert_location}/proxy.golang.crt # Update certificates RUN update-ca-certificates WORKDIR /app COPY go.mod go.sum ./ RUN go mod download COPY . . RUN GO111MODULE="on" CGO_ENABLED=0 GOOS=linux go build -o main ${MAIN_PATH} FROM alpine:latest LABEL maintainer="Kozmo" RUN apk add --no-cache bash WORKDIR /app COPY --from=builder /app/main . EXPOSE 8080 CMD ["/app/main"]</code>
Note: The update-ca-certificates command may take a few minutes to complete. Once it is finished, subsequent Docker builds should proceed without the "x509: certificate signed by unknown authority" error.
The above is the detailed content of How to Fix Docker Multi-Stage Image Build Errors: \'x509: Certificate Signed by Unknown Authority\'?. For more information, please follow other related articles on the PHP Chinese website!