curl certificate fail in docker container

Download the latest cacert.pem from https://curl.haxx.se/ca/cacert.pem , better way will be add a step in the dockerfile to install the certificate as part of the build step.

Follow the steps to install

1. Download the file from https://curl.haxx.se/ca/cacert.pem
2. Rename the file as cacert.crt
3. Copy the file to Go to /usr/local/share/ca-certificates/
4. Run the command sudo update-ca-certificates

You need to install SSL certificates into the Ubuntu container. For example, on a running instance, you can do:

apt-get updateapt-get install ca-certificates

Then, all your HTTPs connections can be validated with the local copy of CA Root Certificates.

For production deployments, this command should be in a Dockerfile:

RUN \  apt-get update && \  apt-get install ca-certificates && \  apt-get clean

Edit

It's possible that your proxy has an untrusted certificate. You can add it to the bundle, or tell curl not to check proxy's certificate with curl --proxy-insecure.

From https://curl.se/docs/sslcerts.html :

Since version 7.52.0, curl can do HTTPS to the proxy separately fromthe connection to the server. This TLS connection is handledseparately from the server connection so instead of --insecure and--cacert to control the certificate verification, you use --proxy-insecure and --proxy-cacert. With these options, you make sure that the TLS connection and the trust of the proxy can be kept totallyseparate from the TLS connection to the server.

don't mount the /etc/:/etc/ to docker container. the /etc/ in the host doesn't work for the docker container. let docker container uses its own /etc/.