Bamboo running on Docker fails to checkout code from Bitbucket due to x509: certificate signed by unknown authority
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
With Bamboo running on a Docker container, a plan fails to check out the code from Bitbucket with the following error:
x509: certificate signed by unknown authority
Environment
Bamboo running on a Docker container.
Diagnosis
The following is seen in the error thrown by the plan or its branches when trying to run a build.
Error running the plan
stderr: fetch: Fetching reference XXX batch response: Post "https://git:XXXX/p/a/t/h": x509: certificate signed by unknown authority error: failed to fetch some objects
Cause
The error "x509: certificate signed by unknown authority" indicates that Bamboo is presenting an SSL certificate that was issued by a Certification Authority that Bitbucket does not trust.
Solution
In order to fix this error, please make sure the public certificate from your Bitbucket instance has been added to the Bamboo Docker container.
You can run the following commands from inside the container to achieve that:
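# update-ca-certificates loads local certificates from *.crt files in /usr/local/share/ca-certificates
openssl s_client -connect BITBUCKET_IP:PORT < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /usr/local/share/ca-certificates/git-public.crt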
Then run the following command to load the downloaded certificates in the container:
update-ca-certificates -f
You can test the connection by switching to the bamboo user inside the container and running a git clone operation against the desired repository.
Bamboo needs to be restarted to pick up the newest certificates. You might also need to include the updated certificates in the image used to build the container.
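The fetch command above saves whatever certificate the network returns, and it leaves an empty file behind if the connection fails. As an added example (not part of the original article), the shell functions below install a certificate saved to a scratch file only when its SHA-256 fingerprint matches a value obtained from the Bitbucket administrator out of band; the function names and the `CA_DIR` variable are assumptions of this example.

```shell
#!/bin/sh
# Added example: install a fetched certificate only if it matches a known pin.
# CA_DIR is where update-ca-certificates reads local *.crt files from.
CA_DIR="${CA_DIR:-/usr/local/share/ca-certificates}"

# Print the SHA-256 fingerprint (lowercase hex) of the first certificate in a
# PEM file. The fingerprint is the hash of the DER bytes, which are the
# base64-decoded PEM body. Fails if the file holds no certificate, which is
# what the fetch pipeline leaves behind when the connection fails.
pem_sha256() {
    grep -q -- '-BEGIN CERTIFICATE-' "$1" 2>/dev/null || return 1
    sed -n '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/{p;/-END CERTIFICATE-/q;}' "$1" \
        | grep -v -- '-----' | base64 -d | sha256sum | cut -d' ' -f1
}

# Accept a pin as plain hex or in the AA:BB:... form that
# "openssl x509 -noout -fingerprint -sha256" prints.
normalise_pin() {
    printf '%s' "$1" | tr -d ': ' | tr 'A-F' 'a-f'
}

# install_pinned_cert PEM_FILE EXPECTED_PIN
# Returns 0 after copying PEM_FILE into CA_DIR as <name>.crt,
# 1 if PEM_FILE contains no certificate, 2 if the fingerprint differs.
install_pinned_cert() {
    actual=$(pem_sha256 "$1") || { echo "no certificate in $1" >&2; return 1; }
    if [ "$actual" != "$(normalise_pin "$2")" ]; then
        echo "fingerprint mismatch for $1: got $actual" >&2
        return 2
    fi
    name=$(basename "$1")
    cp "$1" "$CA_DIR/${name%.*}.crt"
}
```

After `install_pinned_cert` returns 0, run `update-ca-certificates -f` and restart Bamboo as described above.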