Generally, the docker images we build use the alpine linux system, and the default is not to have the ca-certificates root certificate, resulting in the inability to recognize the digital certificates carried by external https.
During access, it will be thrown509:certificate signed by unknown authorityAn error caused the interface service of the docker container to return an error.
In order to solve the problem of certificate verification, we need to install the ca-certificates root certificate when building the docker image.
Add the following content to the Dockerfile:
RUN apk --no-cache add ca-certificates \ && update-ca-certificates
For already built images, if we want to install them manually, we can use the following method.
# Enter the containerdocker exec -it 'Container ID or container name' bash # Install the root certificateapk --no-cache add ca-certificates && update-ca-certificates # If a warning similar to the following occurs, ignore itWARNING: does not contain exactly one certificate or CRL: skipping # Restart the containerdocker restart 'Container ID or container name'
Supplement: Let's take a look at the digital certificate verification problem of docker access external https
When building docker images, we generally use an alpine Linux system. By default, we do not have the ca-certificates root certificate, which makes it impossible to recognize the digital certificates carried by external https.
Then, an error of x509: certificate signed by unknown authority will be thrown during access, causing the interface service of the docker container to return 500.
In order to solve the problem of certificate verification, we need to install the ca-certificates root certificate when building the docker image, so that digital certificates from external https can be recognized.
When editing Dockerfile, add the following command:
RUN apk --no-cache add ca-certificates \ && update-ca-certificates
If you don't want to rebuild the image, you can go directly to the container:
$ docker exec -it 'Container ID or container name' bash
Then execute the Install root certificate command:
$ apk --no-cache add ca-certificates && update-ca-certificates
The following warning appears, which can be ignored:
WARNING: does not contain exactly one certificate or CRL: skipping
Then restart the container:
$ docker restart 'Container ID or container name'
This is the article about docker accessing external https digital certificates. For more related docker accessing https content, please search for my previous articles or continue browsing the related articles below. I hope everyone will support me in the future!