go get: Git settings are ignored

Question

I try to go get a repository from a private gitlab server, from a mac.

I set the git config (~/.gitconfig) to use ssh instead of https :

[url "[email protected]:"]
    insteadOf = https://gitlab.mysite.com/

When I clone the project using the https url, I get the correct replacement

$ git clone https://gitlab.mysite.com/group/project
$ cd project
$ git remote -v
origin  [email protected]:group/project (fetch)
origin  [email protected]:group/project (push)

However, when I use go get, it tries to use the https url, and fail

$ go get gitlab.mysite.com/group/project
package gitlab.mysite.com/group/project: unrecognized import path "gitlab.mysite.com/group/project" (https fetch: Get https://gitlab.mysite.com/group/project?go-get=1: x509: certificate signed by unknown authority)

Why is go get not using my git configuration ? How can I fix that ?

I know the problem is similar to this question : go get: Git settings ignored and many other question concerning private repos

my problem is different

Answer 1

That error occurs before the git clone call. When you call go get, it makes an HTTPS call out to the URL to check the headers and see if it provides a go get redirect. That's what's failing.

And it's failing because the certificate provided by the server isn't signed by a Certificate Authority that you have specified as trusted on your local system. This could be because your internal gitlab is using an unsigned certificate, because the CA used to sign it hasn't been added to your local system, or because your workplace is using a man-in-the-middle style proxy and you don't have that proxy's CA added. You can either attempt to fix the cert issue, or simply run:

go get -insecure gitlab.mysite.com/group/project

The -insecure flag permits fetching from repositories and resolving custom domains using insecure schemes such as HTTP. Use with caution.

Notably, this bypasses the validation of the CA used to sign the server's certificate.