Personal Project

Thursday, March 25, 2021

X509: Certificate Signed by Unknown Authority & Go Docker & EKS

 If you encountered an issue below, your go application on EKS failed to send an HTTP request to other services.

Problem:x509: certificate signed by unknown authority

This is due to fact that your HTTP library failed to read the CA certificate in setting up SSL communication with other services. Then we can suspect missing or incorrect CA certificate is the cause of this problem.

Debug Step:

  • Check your ca-certificates are packed to the Docker image or not.
  • If not, you can install ca-certificates as below in the DockerFile.
RUN apk add --update --no-cache ca-certificates

If you use multiple-stage to build go application to reduce the size of the docker image, remember to add the whole folder /etc/ssl/certs to your docker image as below.

FROM scratch

WORKDIR /
COPY --from=builder /etc/ssl/certs./etc/ssl/certs


How to build a lightweight go application with CA certificates in DockerFile for EKS?

ref:

https://tyricwei.medium.com/x509-certificate-signed-by-unknown-authority-go-docker-eks-f508a49d86f6

No comments:

Post a Comment