"error dialing backend: x509: certificate signed by unknown authority" For https://gitlab.com

I’m using the public-hosted https://gitlab.com server.
The Runner is self-hosted in our Kubernetes cluster.

In the past week have been getting a lot of the following errors.

ERROR: Job failed (system failure): error dialing backend: x509: certificate signed by unknown authority

Sometimes this error comes when

  • Getting source from Git repository
  • Preparing environment
  • Uploading artifacts for failed job
  • Uploading artifacts for successful job

I have updated to the newest v13 version v13.12.0.

The docker image used for the runner is gitlab/gitlab-runner:alpine-v13.12.0@sha256:1d32a9389175a4b1619d658592f70ef97bbc56be0b34a284e08ff49bec856e88

We have not set the helper image, so it is the default.

I have used Self-signed certificates or custom Certification Authorities | GitLab to force the cert.
This has had no impact.
As expected since I’m using the public-hosted GitLab and it is using a trusted CA.

There is no proxy server in our environment.

If I keep retrying the jobs they will eventually succeed.

There is no proxy server in our environment.

What OS is the container running? Make sure it is up ti date to get the latest ca certs.

Alpine mostly. But some are CentOS and Ubuntu. I’ll check the CA certs.

The more I research how the runner CI jobs work, the more I think this is not a cert issue in the image for the job, but in the helper image.

The helper image is what talks to GitLab to fetch the git repo and download/upload artifacts.