[solved] Login Failed. Post "https://github.com/login/oauth/access_token": x509: certificate signed by unknown authority

Tried to follow the documentation to turn on SSL, but failed.

[root@iZwz9h7blj36dmxtdmk43zZ private]# docker run \
  --volume=/etc/ssl:/etc/ssl \
  --volume=/var/lib/drone:/data \
  --env=DRONE_GITHUB_CLIENT_ID=xxxxxxxxxxxxx \
  --env=DRONE_GITHUB_CLIENT_SECRET=xxxxxxxxxxxx \
  --env=DRONE_RPC_SECRET=xxxxxxxxxxxxx \
  --env=DRONE_SERVER_HOST=drone.xxxxx.cn \
  --env=DRONE_SERVER_PROTO=https \
  --env=DRONE_LOGS_DEBUG=true \
  --env=DRONE_TLS_CERT=/etc/ssl/certs/ca-certificates.crt \
  --env=DRONE_TLS_KEY=/etc/ssl/private/ca.key \
  --publish=80:80 \
  --publish=443:443 \
  --restart=always \
  --detach=true \
  --name=drone \
  drone/drone:1

[root@iZwz9h7blj36dmxtdmk43zZ private]# docker logs -f drone
{"level":"info","msg":"main: internal scheduler enabled","time":"2020-11-12T08:58:54Z"}
{"build.limit":5000,"expires":"0001-01-01T00:00:00Z","kind":"trial","level":"debug","msg":"main: license loaded","repo.limit":0,"time":"2020-11-12T08:58:54Z","user.limit":0}
{"acme":false,"host":"drone.xxxxxxxxx.cn","level":"info","msg":"starting the http server","port":":443","proto":"https","time":"2020-11-12T08:58:54Z","url":"https://drone.xxxxxxxxx.cn"}
{"interval":"30m0s","level":"info","msg":"starting the cron scheduler","time":"2020-11-12T08:58:54Z"}
{"interval":"24h0m0s","level":"info","msg":"starting the zombie build reaper","time":"2020-11-12T08:58:54Z"}

Forgot to pass 443 in firewall :joy:

Now SSL is working, but I cannot log in to my GitHub account.

Login Failed. Post "https://github.com/login/oauth/access_token": x509: certificate signed by unknown authority

Hello Jim, kindly confirm if you are using self-signed certs here. If yes, then you need to provide the GitHub server certificate to the Drone server, or you need to disable SSL verification of communication between Drone and Bitbucket Server using DRONE_STASH_SKIP_VERIFY=true.

Let us know if this helps. Thanks!!

Hi csgit, thanks a lot for your reply.
The cert is provided by image, should not be a self-signed cert.
And nothing changed after I added --env=DRONE_STASH_SKIP_VERIFY=true. Still the same output.
Login Failed. Post "https://github.com/login/oauth/access_token": x509: certificate signed by unknown authority

The drone/drone Docker image is bundled with root CA certificates at /etc/ssl/certs/ca-certificates.crt [1]. You are mounting a volume that overrides these certificates with your own. Overriding the root certs is the likely root cause of your error. Consider mounting your SSL certs at a different location.

[1] https://github.com/drone/drone/blob/master/docker/Dockerfile.server.linux.amd64#L23

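A preflight check for the mistake diagnosed in the last reply, as an added example that is not part of the thread or of Drone: it scans `docker run` arguments for a volume whose container path covers the image's CA bundle. The host directory /etc/drone-tls and the file names server.crt and server.key are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. CA bundle path inside drone/drone,
# as given in the reply above.
CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt

# shadows_ca_bundle HOST:CONTAINER[:OPTS]
# Exit 0 when the container-side path is the bundle or one of its parent
# directories, so the mount hides the image's root certificates.
shadows_ca_bundle() {
    local target
    target=$(printf '%s\n' "$1" | cut -d: -f2)
    target=${target%/}                 # tolerate a trailing slash
    [ -n "$target" ] || return 0       # a mount over "/" hides everything
    case "$CA_BUNDLE" in
        "$target"|"$target"/*) return 0 ;;
    esac
    return 1
}

# audit_run_args ARG...
# Pass the same arguments you would give to `docker run`. Handles
# --volume=SPEC, --volume SPEC and -v SPEC (not the --mount syntax).
audit_run_args() {
    local bad=0 prev="" arg spec
    for arg in "$@"; do
        spec=""
        case "$arg" in
            --volume=*) spec=${arg#--volume=} ;;
            *) case "$prev" in -v|--volume) spec=$arg ;; esac ;;
        esac
        if [ -n "$spec" ] && shadows_ca_bundle "$spec"; then
            echo "mount hides $CA_BUNDLE: $spec" >&2
            bad=1
        fi
        prev=$arg
    done
    return "$bad"
}

# Constructed input: a layout that keeps the server certificate and key
# outside /etc/ssl. /etc/drone-tls, server.crt and server.key are hypothetical.
audit_run_args \
    --volume=/etc/drone-tls:/etc/drone-tls:ro \
    --volume=/var/lib/drone:/data \
    --env=DRONE_TLS_CERT=/etc/drone-tls/server.crt \
    --env=DRONE_TLS_KEY=/etc/drone-tls/server.key \
    drone/drone:1 && echo "no mount hides $CA_BUNDLE"
```

Run against the arguments from the original command, the audit reports `--volume=/etc/ssl:/etc/ssl` and exits non-zero.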