My Golang app has issue connecting to Supabase (after installing ca-certificates) x509: certificate signed by unknown authority

Questions / Help

Girzon September 1, 2024, 6:04am 1

I’m new to fly.io & trying to deploy a golang html server that is connecting to a supabase database. I’m currently using their library for it

Get "https://xxxxx.supabase.co/rest/v1/mytable?id=": tls: failed to verify certificate: x509: certificate signed by unknown authority

Ive read the other help posts & added the following to my docker file

RUN apt-get update && apt-get install -y ca-certificates 
RUN rm -rf /var/lib/apt/lists/*
COPY certs/prod-ca-2021.crt /usr/local/share/ca-certificates
RUN update-ca-certificates

It installs the missing ca-certificates packages that should handle this error by I’m still getting it.
Ive also added prod-ca-2021.crt that is the default certificate from supabase

Im using the docker image golang:1.22-bookworm

Im currently out of ideas what is causing this after spending a day trying to debug it
Does anyone have idea what could be causing this ?
Ive added the package & certificate so should work

Girzon September 2, 2024, 12:21pm 2

Ok found issue was bit of silly one but guessing someone else is also going to run into this one so heres the fix

the standard docker file that fly.io generates
creates two dockers machine one to build the go binary & another to host it

Can see the builder starts with
FROM golang:${GO_VERSION}-bookworm as builder

While the application host container will have no label
FROM debian:bookworm
So just normal debian image

So when you add your certificate service add it to the second container (laughing at myself this took few hours to figure out)

RUN apt-get update && apt-get install -y ca-certificates 
COPY certs/prod-ca-2021.crt /usr/local/share/ca-certificates
RUN chmod 644 /usr/local/share/ca-certificates/prod-ca-2021.crt
RUN update-ca-certificates

this adds certificates & installs them
Added chmod but most likely not needed
prod-ca-2021.crt is the supabase cert file form their site

hopes this helps someone else
happy coding

system Closed September 9, 2024, 12:21pm 3

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views	Activity
Strange certificate errors: Is there any kind of outbound proxy?	4	595	March 18, 2024
Go Application Not Loading, Possible certificate error	1	28	November 3, 2024
Dashboard shows certificate issued but still being served a localhost certificate Questions / Help	3	382	June 30, 2021
Failed to start remote builder heartbeat: You hit a Fly API error with request ID Questions / Help	5	303	July 16, 2023
Error x509 with "flyctl auth login" Questions / Help	9	303	March 3, 2024