GitHub Actions: Self-Signed Certificate Error
source link: https://www.shellhacks.com/github-actions-self-signed-certificate-error/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GitHub Actions: Self-Signed Certificate Error
If in a GitHub Actions workflow you try to check out a repository from an URL with a self-signed certificate or a certificate signed by a non-trusted certificate authority (CA), you will get this error:
request to <URL> failed, reason: self signed certificate in certificate chain
In this note i will show how to fix the self-signed certificate error in GitHub Actions by adding trusted CA certificates.
Cool Tip: Get a FREE Wildcard SSL/TLS Certificate from Let’s Encrypt! Read more →
Self-Signed Certificate in GitHub Actions
If you use GitHub Actions with self-hosted runners, you can resolve the “self signed certificate in certificate chain” error by starting the runner with the NODE_EXTRA_CA_CERTS
environment variable that should point to a file with the CA certificates, for example:
$ cd /opt/github/actions-runner/2.289.3/ $ export NODE_EXTRA_CA_CERTS="/etc/pki/ca-trust/source/anchors/org-ca.crt" $ ./run.sh
If you have configured the self-hosted runner application as a service, the NODE_EXTRA_CA_CERTS
environment variable can be set in the service file as follows:
$ vi /etc/systemd/system/actions.runner._services.hostname.service $ cat /etc/systemd/system/actions.runner._services.hostname.service [Unit] Description=GitHub Actions Runner (_services.hostname) After=network.target [Service] ExecStart=/opt/github/actions-runner/2.289.3/runsvc.sh WorkingDirectory=/opt/github/actions-runner/2.289.3 KillMode=process KillSignal=SIGTERM TimeoutStopSec=5min Environment="NODE_EXTRA_CA_CERTS="/etc/pki/ca-trust/source/anchors/org-ca.crt" [Install] WantedBy=multi-user.target $ systemctl daemon-reload $ systemctl restart actions.runner._services.hostname.service
Cool Tip: How to get SSL certificate from a server (site’s URL)! Read more →
Server and CA certificates can be retrieved using this command:
$ echo | openssl s_client -showcerts -servername=example.tld -connect example.tld:443
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK