6

I'm trying some basic examples to request data from the web, however all requests to different hosts result in an SSL error: x509: certificate signed by unknown authority. Note: I'm not behind a proxy and no forms of certificate interception is happening, as using curl or the browser works without problems.

The code sample I'm currently working with is:

package main

import (
    "fmt"
    "net/http"
    "io/ioutil"
    "os"
    )

func main() {
    response, err := http.Get("https://google.com")
    if err != nil {
        fmt.Printf("%s\n", err)
        os.Exit(1)
    } else {
        defer response.Body.Close()
        contents, err := ioutil.ReadAll(response.Body)
        if err != nil {
            fmt.Printf("%s", err)
            os.Exit(1)
        }
        fmt.Printf("%s\n", string(contents))
    }
}

Edit: Code is run on Arch linux kernel 4.9.37-1-lts.

Edit 2: Apparently /etc/ssl/certs/ca-certificates.crt had a difference between the version on my system, by (re)moving the certificate and re-installing the ca-certificates-utils package manually, the issue was solved.

Maico Timmerman
  • 167
  • 1
  • 2
  • 10
  • 3
    Your code runs perfectly on my local machine. Are you running the directly in the machine or inside any container? – sadlil Jul 18 '17 at 11:51
  • this code runs fine inside a Ubuntu docker container – Scott Stensland Jul 18 '17 at 15:58
  • I'm running Arch Linux kernel version 4.9.37-1-lts. Code is working fine on any other machine, however not on this machine. – Maico Timmerman Jul 19 '17 at 07:24
  • @MaicoTimmerman How did you solve that? I've the same issue – Mazzy Nov 08 '18 at 15:42
  • Please see my final edit, I moved the certificate and reinstalled the ca-certificates-utils manually. – Maico Timmerman Nov 08 '18 at 15:50
  • I'm using `go-pingdom` package and running on docker `alpine:3.8`. I don't have anything under `/etc/ssl/certs`. I have tried to install `RUN apk add --no-cache --virtual ca-certificates-utils` but without any luck. – Mazzy Nov 08 '18 at 16:01

1 Answers1

9

Based on your error, I'm assuming you are using Linux?

It's likely that you will have to install ca-certificates on the machine your program is running on.

On Ubuntu, you would execute something like this:

sudo apt-get install ca-certificates
tier1
  • 6,303
  • 6
  • 44
  • 75
  • First of all, I'm on arch linux and I've got the ca-certificates installed: `pacaur -Qsq ca-certificates` results in `ca-certificates ca-certificates-cacert ca-certificates-mozilla ca-certificates-utils ` – Maico Timmerman Jul 19 '17 at 07:21
  • 1
    use `sudo apt-get install --reinstall ca-certificates` as this package almost certainly is installed – exussum Jun 17 '20 at 11:12
  • Thank you all, worked for me on debian 10 "sudo apt-get install --reinstall ca-certificates" ! – MeerArtefakt Dec 26 '20 at 19:51