Using Drone CI with your own SSL Root CA certificates
Introduction
If you use Drone CI with certificates issued by your own Root Certificate Authority, you need to make Drone trust that CA. Otherwise you will get errors like the following on login, or when the Drone runner connects to any domain whose certificate was generated with your CA certificate:
Post "https://git.mydomain.corp/login/oauth/access_token": x509: certificate signed by unknown authority
Add your Root CA certificate
To do that, add your CA certificate to the known ca-certificates on your host machine. On Debian and Ubuntu systems the steps are the following (for other OSes see this tutorial):
Copy your CA cert file to /usr/local/share/ca-certificates/myca.crt
sudo cp myca.crt /usr/local/share/ca-certificates/myca.crt
Update the trusted CA certificates
sudo update-ca-certificates
Bind CA certificates files to drone containers
Now you need to bind the CA certificates file to your Drone server container and to every runner container.
Again, on Debian and Ubuntu this is the following path:
volumes:
- /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
Additionally, you need to add the following environment variable to all runner containers. It adds the CA certificates to all build containers. Without it, all clones would fail because of the unknown Root CA certificate.
environment:
- DRONE_RUNNER_VOLUMES=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt
After that, recreate your containers.
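Before recreating the containers, it is worth confirming that the bundle you are about to bind really contains your CA. The following script is an added example, not part of the original tutorial; the script name `check-ca.sh` and the function names are made up for illustration, and the paths are the ones used above.

```shell
#!/bin/sh
# check-ca.sh (hypothetical name): is the CA certificate part of the bundle
# that gets bind-mounted into the Drone server, runner and build containers?

# pem_bodies FILE: print one line per certificate in FILE, holding its base64
# body with line breaks removed, so line wrapping does not affect comparison.
pem_bodies() {
    awk '
        /-----BEGIN CERTIFICATE-----/ { body = ""; inside = 1; next }
        /-----END CERTIFICATE-----/   { if (inside) print body; inside = 0; next }
        inside { gsub(/[ \t\r]/, ""); body = body $0 }
    ' "$1"
}

# ca_in_bundle CA_FILE BUNDLE_FILE
# returns 0 if the first certificate in CA_FILE is in BUNDLE_FILE,
#         1 if it is not, 2 if an input is unusable.
ca_in_bundle() {
    ca_file=$1
    bundle=$2
    [ -f "$ca_file" ] || { echo "missing CA file: $ca_file" >&2; return 2; }
    # With the short volume syntax Docker creates a missing host path as a
    # directory, so the bind source has to be a regular file.
    [ -f "$bundle" ] || { echo "not a regular file: $bundle" >&2; return 2; }
    want=$(pem_bodies "$ca_file" | head -n 1)
    # update-ca-certificates expects PEM input; an empty result means the
    # file is DER-encoded or not a certificate at all.
    [ -n "$want" ] || { echo "no PEM certificate in $ca_file" >&2; return 2; }
    pem_bodies "$bundle" | grep -qxF -- "$want"
}

# Command-line use: sh check-ca.sh myca.crt [bundle]
if [ "$#" -ge 1 ]; then
    bundle=${2:-/etc/ssl/certs/ca-certificates.crt}
    if ca_in_bundle "$1" "$bundle"; then
        echo "OK: CA certificate is present in $bundle"
    else
        echo "FAIL: CA certificate not usable or not found in $bundle" >&2
        exit 1
    fi
fi
```

Run it on the host after `sudo update-ca-certificates`, for example `sh check-ca.sh myca.crt`. A failure usually means the file in `/usr/local/share/ca-certificates/` does not end in `.crt` or is not PEM-encoded.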