how did you all fix the issue "x509: certificate signed by unknown authority" ?

[dmeadows]

I am getting the following error, even though the certificate for the github enterprise site is valid and from a CA.

unable to comment on pull request: Post "https://git.corp.mycompany.com/api/v3/repos/org/repo/issues/211/comments\": x509: certificate signed by unknown authority"

I've also downloaded the root cert from git.corp.mycompany.com and loaded it into the atlantis-0 container at /etc/ssl/certs. I then ran update-ca-certificates. I still get the same error.

[acceptableEngineering]

Hi there, I just now overcame this by baking my own Docker image:

FROM ghcr.io/runatlantis/atlantis

RUN apk upgrade --update-cache --available && \
    apk add openssl curl \
    rm -rf /var/cache/apk/*

RUN echo "" | openssl s_client -host api.github.com -port 443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > \
    /usr/local/share/ca-certificates/api-github-com.crt

RUN cat /usr/local/share/ca-certificates/api-github-com.crt >> /etc/ssl/certs/ca-certificates.crt

[firastahir]

This don't seem to work anymore since the new atlantis container runs as non root user

[nitrocode]

Users can avoid having to mount an SSL cert inside the atlantis container by setting a load balancer in front of atlantis and then attaching a certificate to the load balancer. For example, ACM and LB in AWS.

By using an upstream module, a lot of this is automated.

https://github.com/terraform-aws-modules/terraform-aws-atlantis
https://github.com/bschaatsbergen/terraform-gce-atlantis