Load a custom CA certificate into Gitea action runner app

LDS · July 12, 2025, 6:52pm

In my home lab I have a Gitea server “on prem” (not accessibile from the Internet), using a TLS certificate issued by my home lab custom CA. I have this CA loaded into TrueNAS - the TrueNAS certificate itself is issued by this CA.

When I try to deploy the Gitea action runner app, it doesn’t register with the Gitea server because the TLS authentication fails because ot the missing CA (that’s what I found in the container logs).

Is there a way to install my CA into the container app without creating a separate image, or pushing the certificate after the container is running?

isometry · December 28, 2025, 3:42pm

I had the same query. There isn’t a particularly “nice”, integrated way to achieve this, but it’s not hard.

Assuming that you have your CA certificate stored at /mnt/tank/private-ca.crt, first determine its hash, which you’ll use to augment the trust store in your gitea-act-runner app:

$ openssl x509 -hash -in /mnt/tank/private-ca.crt -noout
abc1234d

Now, (re)configure your gitea-act-runner with the following additional storage mount:

Type: Host Path
Read Only: true
Mount Path: /etc/ssl/certs/abc1234d.0 # <= replace private CA hash here, with .0 appended
Host Path: /mnt/tank/private-ca.crt

Topic		Replies	Views
Deploying Gitea Act Runner on Truenas Scale Apps and Virtualization SCALE	1	728	October 23, 2024
Certificate_create.certificate: Unable to parse certificate when using local small step certificate authority Apps and Virtualization SCALE , SSL , Security , Docker	2	72	March 27, 2026
Gitea installation - Permission denied Apps and Virtualization	3	1915	August 18, 2024
Basic install of Gitea on Truenas scale Apps and Virtualization	4	1847	March 25, 2025
Deploying an SSL cert to Docker apps Apps and Virtualization	1	483	January 17, 2025

Load a custom CA certificate into Gitea action runner app

Related topics