dosubot[bot] commented on issue #8702: URL: https://github.com/apache/incubator-devlake/issues/8702#issuecomment-3869300662
Hi @kunal-ppcd! I'm [Dosu](https://go.dosu.dev/dosubot) and I’m helping the incubator-devlake team.

This error is happening because the environment where DevLake is running doesn't trust GitHub's SSL certificate, not because of your PAT or any GitHub organization restriction. The key part of the error is `x509: certificate signed by unknown authority`, which means DevLake can't verify GitHub's certificate—usually due to missing CA certificates in the OS/container, or because a proxy/firewall is intercepting SSL traffic with its own certificate that isn't trusted by default.

By default, DevLake verifies SSL certificates for all outgoing HTTPS connections. You can disable this check globally by setting the environment variable `IN_SECURE_SKIP_VERIFY=true`, but this is insecure and should only be used as a last resort [source](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/backend/helpers/pluginhelper/api/api_client.go#L58-L395).

To troubleshoot:

1. Check how DevLake is deployed (Docker, Kubernetes, etc). If it's in a container, make sure the container has up-to-date CA certificates (for example, install or update the `ca-certificates` package).
2. From inside the container or host, run `curl https://api.github.com` to see if you get the same certificate error.
3. If your network uses a proxy or SSL inspection, make sure the proxy's CA certificate is added to the container's trust store.
4. Only if you can't resolve the trust issue, set `IN_SECURE_SKIP_VERIFY=true` in your environment, but be aware this disables all SSL certificate checks for all plugins and is not recommended for production [source](https://github.com/apache/incubator-devlake/blob/2c15ad880dce830c6512fa58039527cbf4745b8b/env.example#L65-L66).

There are no known bugs or recent changes in DevLake that would cause this—it's an environment or network trust issue.
If you need more details, enable DEBUG logging in DevLake to get more info about the connection attempts.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
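The trust-store fix from the troubleshooting steps above, as an added Go example that is not part of the original comment or of DevLake's code: it reproduces `x509: certificate signed by unknown authority` against a local test server, then clears it by adding the issuing certificate to the root pool while verification stays enabled. The names `probe`, `diagnose` and `demo` are hypothetical, and the `httptest` server is a constructed stand-in for a TLS-inspecting proxy or any endpoint signed by a private CA.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// probe performs one HTTPS GET using only the CAs in roots as trust anchors.
func probe(url string, roots *x509.CertPool) error {
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots}, // verification stays on
	}}
	resp, err := client.Get(url)
	if err != nil {
		return err
	}
	return resp.Body.Close()
}

// diagnose maps a request error to the cause discussed in the comment.
func diagnose(err error) string {
	var ua x509.UnknownAuthorityError
	if err == nil {
		return "trusted"
	} else if errors.As(err, &ua) {
		return "unknown-authority" // issuing CA absent from the trust store
	}
	return "other" // DNS, timeout, hostname mismatch, expiry, ...
}

// demo probes a constructed local TLS server before and after trusting its CA.
func demo() (before, after string) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}))
	defer srv.Close()
	missing := x509.NewCertPool() // models a trust store lacking the CA
	before = diagnose(probe(srv.URL, missing))
	fixed := x509.NewCertPool()
	fixed.AddCert(srv.Certificate()) // models adding the CA to the store
	after = diagnose(probe(srv.URL, fixed))
	return before, after
}

func main() { fmt.Println(demo()) }
```

Only the set of trust anchors changes between the two probes, which is why this scopes the fix to one CA instead of disabling verification for every connection.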
