If you try to use Drone CI with your own generated Root Certificate Authority SSL Certificates you need to let Drone know and trust it. Otherwise you will get errors upon login or when you try to use the drone runner with the domains, that use any certificates, that have been generated with your CA certificate:

Post "https://git.mydomain.corp/login/oauth/access_token": x509: certificate signed by unknown authority

Add your Root CA certificate

To do that you need to add your CA certificate to the known ca-certificates on your host machine. On Debain and Ubuntu systems these steps are the following (For other OS see this tutorial):

  1. Copy your CA cert file to /usr/local/share/ca-certificates/myca.crt

    sudo cp myca.crt /usr/local/share/ca-certificates/myca.crt
  2. Update the trusted CA certificates

     sudo update-ca-certificates

Bind CA certificates files to drone containers

Now you need to bind the CA certificates file to your drone server and any runner container:

Again, on Debian and Ubuntu this will be this path:

The :ro at the end means bind to container as read-only

    - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro

Additionally you also need to add the following environment variable to all runner container: This will add the CA certificates to all build container. Without it all clones would fail because of the unknown Root CA certificate.

    - DRONE_RUNNER_VOLUMES=/etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt

After that recreate your containers.