[GH-ISSUE #1136] [Bug] 0.4.12版本镜像缺失CA证书导致无法验证HTTPS、证书申请失败 #765

New issue

Closed

opened 2026-03-03 01:05:50 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 01:05:50 +03:00

Owner

Originally created by @raydiodroid on GitHub (Jan 1, 2026).
Original GitHub issue: https://github.com/certimate-go/certimate/issues/1136

Release Version / 软件版本

0.4.12

Description / 缺陷描述

更新容器后工作流报错：failed to initialize acme client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": tls: failed to verify certificate: x509: certificate signed by unknown authority

已有明确的临时解决方法：在容器内切换HTTP源并更新CA证书
sed -i 's/https/http/g' /etc/apk/repositories
apk add --no-cache ca-certificates
update-ca-certificates
恢复 HTTPS 源
sed -i 's/http/https/g' /etc/apk/repositories

Steps to reproduce / 复现步骤

更新到0.4.12后执行申请证书工作流

Logs / 日志

[2026-01-01 04:00:00]
the workflow is starting
[2026-01-01 04:00:00]
ready to request certificate ...
[2026-01-01 04:00:00]
found last workflow run
[2026-01-01 04:00:00]
re-apply, because the last issued certificate expires in 12 day(s)
[2026-01-01 04:00:00]
acme config initialized
[2026-01-01 04:00:00]
acme account initialized
[2026-01-01 04:00:04]
could not obtain certificate
[2026-01-01 04:00:04]
failed to initialize acme client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": tls: failed to verify certificate: x509: certificate signed by unknown authority
[2026-01-01 04:00:04]
ready to send notification ...
[2026-01-01 04:00:05]
webhook responded
[2026-01-01 04:00:05]
notification completed
[2026-01-01 04:00:05]
the workflow is ending

Miscellaneous / 其他

No response

Contribution / 贡献代码

I am interested in contributing a PR for this! / 我乐意为此提交代码并发起 PR！

Originally created by @raydiodroid on GitHub (Jan 1, 2026). Original GitHub issue: https://github.com/certimate-go/certimate/issues/1136 ### Release Version / 软件版本 0.4.12 ### Description / 缺陷描述更新容器后工作流报错：failed to initialize acme client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": tls: failed to verify certificate: x509: certificate signed by unknown authority 已有明确的临时解决方法：在容器内切换HTTP源并更新CA证书 sed -i 's/https/http/g' /etc/apk/repositories apk add --no-cache ca-certificates update-ca-certificates 恢复 HTTPS 源 sed -i 's/http/https/g' /etc/apk/repositories ### Steps to reproduce / 复现步骤更新到0.4.12后执行申请证书工作流 ### Logs / 日志 [2026-01-01 04:00:00] the workflow is starting [2026-01-01 04:00:00] ready to request certificate ... [2026-01-01 04:00:00] found last workflow run [2026-01-01 04:00:00] re-apply, because the last issued certificate expires in 12 day(s) [2026-01-01 04:00:00] acme config initialized [2026-01-01 04:00:00] acme account initialized [2026-01-01 04:00:04] could not obtain certificate [2026-01-01 04:00:04] failed to initialize acme client: get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get "https://acme-v02.api.letsencrypt.org/directory": tls: failed to verify certificate: x509: certificate signed by unknown authority [2026-01-01 04:00:04] ready to send notification ... [2026-01-01 04:00:05] webhook responded [2026-01-01 04:00:05] notification completed [2026-01-01 04:00:05] the workflow is ending ### Miscellaneous / 其他 _No response_ ### Contribution / 贡献代码 - [ ] I am interested in contributing a PR for this! / 我乐意为此提交代码并发起 PR！