Kubeadm init - unable to get URL "https ://dl.k8s.io/release/stable-1.txt"

Hi everyone,

I try to build kebernetes cluster in my LAB by running below command:
kubeadm init --pod-network-cidr= --apiserver-advertise-address=
and get the following message. If I execute the curl with --insecure parameter I can read the stable-1.txt file (see below). is this a problem with certificate? if so, how to fix it?

W0528 22:35:35.010502 30066 version.go:102] could not fetch a Kubernetes version from the internet: unable to get URL “https ://dl.k8s.io/release/stable-1.txt”: Get https ://dl.k8s.io/release/stable-1.txt: x509: certificate signed by unknown authority
W0528 22:35:35.010609 30066 version.go:103] falling back to the local client version: v1.18.3
W0528 22:35:35.010837 30066 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[init] Using Kubernetes version: v1.18.3
[preflight] Running pre-flight checks
[WARNING IsDockerSystemdCheck]: detected “cgroupfs” as the Docker cgroup driver. The recommended driver is “systemd”. Please follow the guide at https ://kubernetes.io/docs/setup/cri/
[preflight] Pulling images required for setting up a Kubernetes cluster
[preflight] This might take a minute or two, depending on the speed of your internet connection
[preflight] You can also perform this action in beforehand using ‘kubeadm config images pull’

root@lhubuag106:/etc/kubernetes# curl https ://dl.k8s.io/release/stable-1.txt
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http ://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
root@lhubuag106:/etc/kubernetes# curl --insecure https ://dl.k8s.io/release/stable-1.txt

302 Found

302 Found

nginx/1.10.3 root@lhubuag106:/etc/kubernetes#


Hello sylwester,
The problem seems that the certificate file may be missing. please try this option --cert-dir to use The path where to save and store the certificates. for more info please check here https://kubernetes.io/docs/reference/setup-tools/kubeadm/kubeadm-init/