8

I've been banging my head against the table with this one for a while now. I'm. I've successfully sent emails locally using an AWS access key and secret that has full access. Once I deploy to my staging environment I get an error using the same access key and secret.

RequestError: send request failed\ncaused by: Post https://email.us-east-1.amazonaws.com/: x509: certificate signed by unknown authority

Please help!

John Rotenstein
  • 241,921
  • 22
  • 380
  • 470
Shane Da Silva
  • 469
  • 1
  • 6
  • 15
  • Need more detail in your question. Maybe show part of your program? Do you think the error comes from the client or the server? Can you provoke similar errors with tools like openssl s_client? – Vorsprung Oct 02 '18 at 05:52
  • 4
    Make sure the `ca-certificates` package is installed on your instance. After installing restart your Go programs. – Peter Oct 02 '18 at 06:06
  • @Peter Thanks Peter, that's all I was missing! – Shane Da Silva Oct 02 '18 at 15:07
  • @Peter - Post your comment with more details as an answer. This will help others understand what this error means. – John Hanley Oct 02 '18 at 17:34

2 Answers2

15

If you are using alpine docker image for example:

FROM alpine:3.6 as alpine

RUN apk add -U --no-cache ca-certificates

FROM scratch
COPY --from=alpine /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

After adding root certificates ca-certificates, it will be working fine.

KorbenDallas
  • 944
  • 9
  • 16
  • Thanks, this helped me. If you're not using a multi stage docker file you can just add `RUN apk add -U --no-cache ca-certificates` – Crazometer Feb 08 '19 at 04:41
  • @Dattatray sudo apt-get install ca-certificates -y – KorbenDallas Dec 08 '19 at 16:52
  • 3
    Debian/Ubuntu: `apt-get update && apt-get install -y --no-install-recommends ca-certificates` and if using a multi-stage then copy to the same location. This answer on serverfault has a good list of expected locations for other linux distros https://serverfault.com/a/722646/443669 – Davos Apr 14 '20 at 02:23
3

My project is deployed on Ubuntu machine and I am using Golang, so here is my Dockerfile.

Please note that I have used COPY command twice. I successfully deployed my project and its working as expected.

FROM golang:1.16.5 AS builderStep

# Install Certificate
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates

FROM scratch AS app

# Copy Certificate
COPY --from=builderStep /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

COPY --from=builderStep /my/source/code/ .
Muhammad Tariq
  • 3,318
  • 5
  • 38
  • 42