[Fixed] X509: Certificate Signed by Unknown Authority (Running a Docker Application on an AWS EC2 Instance)

Recently, while working with Docker on AWS EC2, I faced the issue "X509: Certificate Signed by Unknown Authority".
My application is written in Golang and uses multiple AWS services through EC2 role-based access. But while running inside Docker, the application is unable to access any of the AWS services.
This might be because AWS services only allow access with AWS-signed certificates when using EC2 role-based access.
I fixed it by using the EC2 certificates with the Docker container. I am using a Debian EC2 instance and the debian:bullseye-slim Docker image.
To fix this issue, do the following:
- Add this command to your Dockerfile:

    # -y is enough for a non-interactive install; the deprecated --force-yes is
    # left out because it also lets apt install unauthenticated packages.
    RUN apt-get update \
        && apt-get install -y --no-install-recommends apt-transport-https curl ca-certificates \
        && apt-get clean \
        && apt-get autoremove \
        && rm -rf /var/lib/apt/lists/*

- Build the Docker image.
- While running the Docker image, add --mount like the following:

    docker run -d --mount type=bind,source=/etc/ssl/certs,target=/etc/ssl/certs my-app:latest

The mount path may differ based on your EC2 Linux distribution and Docker image. Paths for the popular distributions are as follows:

    "/etc/ssl/certs/", // Debian/Ubuntu/Gentoo etc.
    "/etc/pki/tls/certs/", // Fedora/RHEL 6
    "/etc/ssl/", // OpenSUSE
    "/etc/pki/tls/", // OpenELEC
    "/etc/pki/ca-trust/extracted/pem/", // CentOS/RHEL 7
    "/etc/ssl/", // Alpine Linux