Bamboo running on Docker fails to checkout code from Bitbucket due to x509: certificate signed by unknown authority
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
With Bamboo running on a Docker container, a plan fails to checkout the code from Bitbucket with the following error:
x509: certificate signed by unknown authorityEnvironment
Bamboo running on a Docker container.
Diagnosis
The following is seen in the error thrown by the plan or its branches when trying to run a build.
stderr: fetch: Fetching reference XXX batch response: Post "https://git:XXXX/p/a/t/h": x509: certificate signed by unknown authority error: failed to fetch some objectsCause
The error "x509: certificate signed by unknown authority" indicates that Bamboo is presenting an SSL certificate that was issued by a Certification Authority that Bitbucket does not trust.
Solution
In order to fix this error, please make sure the public certificate from your Bitbucket instance has been added to the Bamboo Docker container.
You can run the following commands from inside the container to achieve that:
openssl s_client -connect BITBUCKET_IP:PORT < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /root/git-public.crt_*Then run the following command to load the downloaded certificates in the container:
update-ca-certificates -f- You can test the connection by switching to the bamboo user inside the container and running a git clone operation against the desired repository.
- Bamboo needs to be restarted to pick up the newest certificates. You might also need to include the updated certificates in the image used to build the container.