Getting x509: certificate signed by unknown authority

We use custom CA

Mounting it as suggested here:

https://docs.gitlab.com/runner/install/kubernetes.html#providing-a-custom-certificate-for-accessing-gitlab

and here

https://docs.gitlab.com/runner/configuration/tls-self-signed.html#supported-options-for-self-signed-certificates

IMHO documents are not completely clear and ambiguous. In my case hostname.crt contains only my custom CA. Should it work? No luck.

ls -la /home/gitlab-runner/.gitlab-runner/certs/
lrwxrwxrwx 1 root root   19 Sep 13 15:53 hostname.crt -> ..data/hostname.crt

[31;1mERROR: Registering runner... failed               [0;m  [31;1mrunner[0;m=4waUKyTq [31;1mstatus[0;m=couldn't execute POST against https://git.com/api/v4/runners: Post https://git.com/api/v4/runners: x509: certificate signed by unknown authority
[31;1mPANIC: Failed to register this runner. Perhaps you are having network problems[0;m 
Registration attempt 30 of 30

For example if my git is git.com I was trying to mount /home/gitlab-runner/.gitlab-runner/certs/git.com.crt with CA only. Did not work either.

Workaround

Set the path of the certificate to the CI_SERVER_TLS_CA_FILE variable.

envVars:
  - name: CI_SERVER_TLS_CA_FILE
    value: /home/gitlab-runner/.gitlab-runner/certs/git.nonprod.mycorp.plc.crt

Edited Feb 21, 2020 by Steve Xuereb