Alpine Linux添加Let‘s Encrypt CA证书或者自签CA证书

概述Alpine Linux添加Let‘s Encrypt CA证书或者自签CA证书 [toc] 1. 用docker进行查看 进入容器， docker run -it alpine:latest /bin/sh 安装curl， apk --no-cache add curl 对比发现curl依赖ca-certificates， 网上查到update-ca-certificates命令为更新系统ca证 Alpine linux添加Let‘s Encrypt CA证书或者自签CA证书

[toc]

1. 用docker进行查看

进入容器，
docker run -it alpine:latest /bin/sh

安装curl，
apk --no-cache add curl

对比发现curl依赖ca-certificates，

网上查到update-ca-certificates命令为更新系统ca证书，

2. 添加CA证书

经过 *** 作总结，发现有2种方式添加ca证书至系统内，以下示例：

2.1 放至目录/usr/local/share/ca-certificates/

将Let‘s Encrypt Authority X3的CA证书Letsencrypt_Root_CA.crt放至目录/usr/local/share/ca-certificates/下，并执行update-ca-certificates，即可完成证书更新。

-----BEGIN CERTIFICATE-----MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2olheyncdaNBgkqhkiG9w0BAQsFADA/MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDtixMDMxNzE2NDA0NlowSjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMTGkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418Xcsl7e4S0EFq6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkolZHP/uaZ6WA8SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWAa6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIGCCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNvbTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9kc3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAwVAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcCARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAzMDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwuY3JsMB0GA1UdDgQWBBSoSmpjBH3duubrobemRWXv86JsoTANBgkqhkiG9w0BAQsFAAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJouM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/wAPIvJswtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwuX4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlGPfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==-----END CERTIFICATE-----

2.2 放至目录/usr/share/ca-certificates/

将Let‘s Encrypt Authority X3的CA证书Letsencrypt_Root_CA.crt放至目录/usr/share/ca-certificates/下，在文件/etc/ca-certificates.conf中配置引用路径，并执行update-ca-certificates，即可完成证书更新。

3. 小结

从curl命令过程可以看出，/etc/ssl/certs/ca-certificates.crt是最终生效的CA文件，因此，可以将CA证书的内容直接添加进此文件。update-ca-certificates其实也就是干的这件事，在没有此命令时，直接添加内容至CA文件中是最好的选择。

以下是gitlab-runner不支持letsencrypt证书解决办法：

Dockerfile

FROM gitlab/gitlab-runner:alpine-v11.11.2USER rootcopY Letsencrypt_Root_CA.crt /usr/local/share/ca-certificates/RUN apk --no-cache add ca-certificates   && rm -rf /var/cache/apk/*   && update-ca-certificatesUSER gitlab-runner

总结

以上是内存溢出为你收集整理的Alpine Linux添加Let‘s Encrypt CA证书或者自签CA证书全部内容，希望文章能够帮你解决Alpine Linux添加Let‘s Encrypt CA证书或者自签CA证书所遇到的程序开发问题。

如果觉得内存溢出网站内容还不错，欢迎将内存溢出网站推荐给程序员好友。