I’m trying to build an Alpine image that includes my organization’s CA certificate, but I’m encountering issues when attempting to install curl
using apk add
. The installation fails, although I can access .tar
files over HTTPS without any problems.
Here’s the sequence of commands and output I’m seeing:
/usr/local/share # update-ca-certificates
WARNING: ca-cert-my-cert.pem does not contain exactly one certificate or CRL: skipping
WARNING: ca-cert-my-cert-trust.pem does not contain exactly one certificate or CRL: skipping
/usr/local/share # ls
ca-certificates perl5 test
/usr/local/share # apk add curl
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
28BB7CAA0C7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.20/main: Permission denied
fetch https://dl-cdn.alpinelinux.org/alpine/v3.20/community/x86_64/APKINDEX.tar.gz
28BB7CAA0C7F0000:error:0A000086:SSL routines:tls_post_process_server_certificate:certificate verify failed:ssl/statem/statem_clnt.c:2091:
WARNING: updating and opening https://dl-cdn.alpinelinux.org/alpine/v3.20/community: Permission denied
OK: 99 MiB in 103 packages
/usr/local/share # curl https://dl-cdn.alpinelinux.org/alpine/v3.20/community
<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.27.1</center>
</body>
</html>
/usr/local/share # curl -o /tmp/test.tar https://dl-cdn.alpinelinux.org/alpine/v3.20/main/x86_64/APKINDEX.tar.gz
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 461k 100 461k 0 0 584k 0 --:--:-- --:--:-- --:--:-- 584k
/usr/local/share #
It appears that there may be an issue with the SSL certificate verification during the apk add
process, even though I can access the URLs directly with curl
. Has anyone experienced similar issues or have suggestions on how to resolve this?