Skip to content

Instantly share code, notes, and snippets.

@michaelboke
Last active September 24, 2025 08:54
Show Gist options
  • Save michaelboke/564bf96f7331f35f1716b59984befc50 to your computer and use it in GitHub Desktop.
Save michaelboke/564bf96f7331f35f1716b59984befc50 to your computer and use it in GitHub Desktop.
Docker scratch x509 fix
FROM golang:alpine as builder
WORKDIR /app
#the following 2 steps are optional if your image does not already have the certificate
# package installed, golang:alpine now seems to have it. But a more base image could be missing it.
#RUN apk update && apk upgrade && apk add --no-cache ca-certificates
#RUN update-ca-certificates
ADD main.go /app/main.go
RUN CGO_ENABLED=0 GOOS=linux go build -a -ldflags="-s -w" -installsuffix cgo -o app .
FROM scratch
COPY --from=builder /app/app .
COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
CMD ["./app"]
package main
import (
"net/http"
"fmt"
)
func main(){
_, err := http.Get("https://www.google.com")
if err!= nil {
panic(err)
}
fmt.Println("success")
}
@bdw617
Copy link

bdw617 commented Nov 10, 2022

this is an awesome example and fixed my problem with aws-sdk-go. I really appreciate the time you spent building such a simple example.

@ezynda3
Copy link

ezynda3 commented Jan 11, 2023

This just saved my bacon. Thanks!

@marlongerson
Copy link

Thank you good sir.

@xandreafonso
Copy link

Thanks!!

@holynuts
Copy link

Thanks very much, that solved my problem.

@Barkwi
Copy link

Barkwi commented Jun 26, 2024

Thanks this helped with my problem!

@DLzer
Copy link

DLzer commented Aug 17, 2024

You are a godsend, this saved me HOURS!

@michal-laskowski
Copy link

🔥

@imjulianeral
Copy link

You are a godsend sir. Thanks for sharing.

@MaikeMota
Copy link

You are a lifesaver!
Thank you so much!

@fuad-daoud
Copy link

thanks

worked without

RUN apk update && apk upgrade && apk add --no-cache ca-certificates
RUN update-ca-certificates

just

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

@Vrashabh-Sontakke
Copy link

@fuad-daoud how ?

@michaelboke
Copy link
Author

thanks

worked without

RUN apk update && apk upgrade && apk add --no-cache ca-certificates
RUN update-ca-certificates

just

COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

Yes it does seems that the golang:alpine now has certificates rebuild inside the docker image.
Thanks for noticing

@andreaswarnaar
Copy link

Great help! thx alot

@tenequm
Copy link

tenequm commented Feb 19, 2025

❤️

@Aspiand
Copy link

Aspiand commented Sep 24, 2025

thank you bro

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment