That time I ran into issues with my certificates being invalid leading to problems communicating between Fly.io and my Turso database.

Fly.io + Turso = ♥️ once you solve those certificate issues.

Introduction

I am currently writing a personal finance tracker app using Go, Htmx, Tailwind, and Turso. When setting the application up to initially deploy to Fly.io I ran into the following error message:

failed to execute SQL: INSERT INTO users(email, first_name, id, last_name, password_hash) VALUES(?,?,?,?,?) RETURNING email, first_name, id, last_name, modified_at
Post "https://[DATABASE].turso.io/v2/pipeline": tls: failed to verify certificate: x509: certificate signed by unknown authority

The Solution

After two days of troubleshooting on my own and asking questions in the Turso Discord @athos came up with the solution. I honestly would never have guessed this so kudos to him! At the time of writing when generating the Dockerfile to deploy to Fly using fly launch the boilerplate that comes back uses golang:1.22-bookworm & debian:bookworm as the base images. I am no expert when it comes to Docker, especially building custom images. The problem ended up being that either ca-certificates was not installed in the debian image or that the certificates were out of date. Simply adding the below fixed the problem so Turso would accept the incoming request to my database instance:

FROM debian:bookworm
 
+ # Need to add ca-certificates or will see the below error:
+ # tls: failed to verify certificate: x509: certificate signed by unknown authority
+ RUN apt-get update && apt-get install -y ca-certificates
+ RUN update-ca-certificates
 
COPY --from=builder /run-app /usr/local/bin/
CMD ["run-app"]

Wrap Up

I hope this will help someone out there on the intertubes who runs into a similar issue!