curl certificate fail in docker container
Download the latest cacert.pem from https://curl.haxx.se/ca/cacert.pem. A better way would be to add a step in the Dockerfile to install the certificate as part of the build.
Follow these steps to install it:
- Download the file from https://curl.haxx.se/ca/cacert.pem
- Rename the file to cacert.crt
- Copy the file to /usr/local/share/ca-certificates/
- Run the command:
sudo update-ca-certificates
You need to install SSL certificates into the Ubuntu container. For example, on a running instance, you can do:
apt-get update
apt-get install ca-certificates
Then, all your HTTPS connections can be validated with the local copy of the CA root certificates.
For production deployments, this command should be in a Dockerfile:
RUN \
  apt-get update && \
  apt-get install -y ca-certificates && \
  apt-get clean
Edit
It's possible that your proxy has an untrusted certificate. You can add it to the bundle, or tell curl not to check the proxy's certificate with curl --proxy-insecure.
From https://curl.se/docs/sslcerts.html :
Since version 7.52.0, curl can do HTTPS to the proxy separately from the connection to the server. This TLS connection is handled separately from the server connection so instead of --insecure and --cacert to control the certificate verification, you use --proxy-insecure and --proxy-cacert. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totally separate from the TLS connection to the server.
Don't mount /etc/:/etc/ into the Docker container. The host's /etc/ doesn't work for the Docker container. Let the Docker container use its own /etc/.
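
The steps from the answers above combined into one Dockerfile, as an added example that is not part of any of the original answers. The base image tag, the file name proxy-ca.pem (a PEM-encoded CA certificate in the build context) and network access during the build are assumptions.

```dockerfile
# Added example. Assumptions: ubuntu:22.04 as the base image, and a
# PEM-encoded CA certificate named proxy-ca.pem next to this Dockerfile.
FROM ubuntu:22.04

# Install the distribution's CA bundle and curl. -y is needed because
# docker build has no terminal to answer the apt confirmation prompt.
RUN apt-get update && \
    apt-get install -y --no-install-recommends ca-certificates curl && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/*

# Trust an additional CA (for example the one that signed the proxy's
# certificate). update-ca-certificates only picks up files whose name
# ends in .crt under /usr/local/share/ca-certificates/, hence the rename.
COPY proxy-ca.pem /usr/local/share/ca-certificates/proxy-ca.crt
RUN update-ca-certificates

# Build-time check (assumes the build has network access): the build
# fails here if certificate verification is still broken, instead of
# the problem surfacing later at run time.
RUN curl -fsS -o /dev/null https://curl.se/

# Run the resulting image with its own /etc; do not bind-mount the
# host's /etc over it, or the bundle built above is hidden.
```

If only the proxy's certificate is untrusted, the --proxy-cacert option from the quoted curl documentation can be pointed at the same file instead of adding it to the system bundle.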