If you ever get the following message:

x509: certificate signed by unknown authority

While running your Go app in a Docker container, there is a chance that you might not have the necessary trusted certificates installed in your Docker container. Assuming that you run your Go apps in lightweight containers, based on Scratch or Alpine, you will have to add the certificates yourselves.

On Alpine, this can be done using the default package installer:

RUN apk --no-cache add ca-certificates

Since Scratch is not based on a particular distribution you would have to download the certificates manually and add them as part of the build process:

ADD ca-certificates.crt /etc/ssl/certs/

Further Reading

Docker container running golang http.Client getting error `certificate signed by unknown authority`
I created a docker container for talking to the google api using GoLang. I started off using a SCRATCH container and am getting the error certificate signed by unknown authority upon changing to ub...
Create the smallest and secured golang docker image based on scratch
Thanks to docker multi-stage builds, we can build our application in a docker alpine image an produce a small image with only a binary in a scratch image. Before that we gonna see docker scratch…