How to use DRONE_VOLUME for certificates


i try to get drone working with a custom root ca. What i have done so far is setup DRONE_VOLUME in my compose file:

    image: drone/drone:0.8

      - 8080:8000
      - 9000
    restart: always
      - DRONE_OPEN=true
      - DRONE_HOST=https://drone-ci.example.con
      - DRONE_SECRET=myveryownsecret
      - DRONE_VOLUME=/etc/pki/tls/certs:/etc/ssl/certs

But that is not working. I am stil getting:

level=error msg=“cannot authenticate user. Post x509: certificate signed by unknown authority”

Do i have to name the root certificate in a special way? How can i debug this error?

Ok, for me it looks a little bit inconsistent. For plugin containers like git you can use DRONE_VOLUME to map your certificates chain but to HAVE to map to /etc/ssl/certs/ca-certificates.crt :

- DRONE_VOLUME=/etc/pki/ca-trust/extracted/openssl/

BUT: This seems not to be used for the gitea binding. I can not login to my gitea instance because i am still getting the error shown in my first post. Only workarount is to set skip_verify for gitea.

Is this the expected behavior?