Self-update error in Dockerfile: x509: certificate signed by unknown authority

Hi, I have the following Dockerfile:

FROM koalaman/shellcheck-alpine as linter

# Copy source to image
COPY ./ /backup-system
WORKDIR /backup-system

# Run shellcheck linter
RUN set -e; for file in $(find . -type f -name "*.sh"); do shellcheck --format=gcc $file; done;

FROM debian:buster-slim AS backup-system

# Copy source to image
COPY ./ /backup-system
WORKDIR /backup-system

# Install dependencies
RUN apt-get update &&   \
    apt-get install -y  \
        openssh-client  \
        rsync           \
        mariadb-client  \
        restic

RUN restic self-update

# Set application entrypoint
CMD ["/bin/bash","/backup-system/src/init.sh","/backup-system/config/environments.yml"]

The package manager installs the 0.9.4 (amd64 restic amd64 0.9.4+ds-2+b1) package, but I’m experiencing somewhat slow restic processes, so I’d like to try newer versions.

But the RUN restic self-update fails to update it:

Step 9/16 : RUN restic self-update
 ---> Running in 6b1fa6034695
writing restic to /usr/bin/restic
find latest release of restic at GitHub
Fatal: unable to update restic: Get https://api.github.com/repos/restic/restic/releases/latest: x509: certificate signed by unknown authority
The command '/bin/sh -c restic self-update' returned a non-zero code: 1

Why? Sorry if it’s a rookie question.

Thanks in advance!

Hello @udvaritibor and welcome!

Try also installing the ca-certificates package (Common CA certificates), or whatever such a package is called in Alpine (unfortunately I don’t know). This usually helps when you have issues with certificates.

Edit: ah, I see now that the second image is using buster-slim as base image, so the above name should absolutely work.

Hope it helps!

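The fix suggested in the reply, applied to the backup-system stage from the question, as an added example that is not part of either post. It assumes the missing CA trust store is the cause of the x509 error; the build-time check on the bundle path is an addition for clearer failures, and TLS verification is left enabled throughout.

```dockerfile
FROM debian:buster-slim AS backup-system

# Copy source to image
COPY ./ /backup-system
WORKDIR /backup-system

# Install dependencies.
# ca-certificates supplies the root CA bundle that TLS clients in the image
# (including restic, a Go binary) use to validate https://api.github.com.
# Without it no chain can be verified, which surfaces as
# "x509: certificate signed by unknown authority".
RUN apt-get update &&   \
    apt-get install -y  \
        ca-certificates \
        openssh-client  \
        rsync           \
        mariadb-client  \
        restic

# Fail early with a clear message if the trust store is missing or empty.
# /etc/ssl/certs/ca-certificates.crt is the bundle generated on Debian.
RUN test -s /etc/ssl/certs/ca-certificates.crt || \
    { echo "CA bundle missing: install ca-certificates" >&2; exit 1; }

# The update now runs over a verified TLS connection; print the resulting
# version so the build log records which release ended up in the image.
RUN restic self-update && restic version

# Set application entrypoint
CMD ["/bin/bash","/backup-system/src/init.sh","/backup-system/config/environments.yml"]
```

Because `restic self-update` fetches whatever release is latest at build time, two builds of the same Dockerfile can contain different restic versions; the `restic version` line in the build log is the record of which one was installed.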