Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Node unable to verify the first certificate error #563

Open
mirker21 opened this issue Dec 9, 2023 · 4 comments
Open

Node unable to verify the first certificate error #563

mirker21 opened this issue Dec 9, 2023 · 4 comments

Comments

@mirker21
Copy link

mirker21 commented Dec 9, 2023

Environment

  • Operating system (including version): macOS Ventura 13.6.1
  • mkcert version (from mkcert -version): v1.4.4
  • Server (where the certificate is loaded): localhost:3000 (frontend), localhost:8080 (backend)
  • Client (e.g. browser, CLI tool, or script): Chrome

What you did

  • I followed the instructions, first doing mkcert -install

  • Entered mkcert -cert-file ~/cert.pem -key-file ~/key.pem localhost

  • Here are my options for both frontend and backend Node.js https servers:

var options = {
     key: fs.readFileSync(process.env.SSL_KEY_FILE),
     cert: fs.readFileSync(process.env.SSL_CRT_FILE),
     ca: fs.readFileSync(process.env.SSL_CRT_FILE),
};

I tried adding the ca property, I found a post mentioning it and then I found an example on how to use ca on node's website.

  • Finally added export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" to both my frontend and backend .env files, according to the README.md and this Issue

  • Also tried changing export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" to /Users/blahblahblah/Library/blahblahblah/mkcert/rootCA.pem

What went wrong

  • The frontend terminal displayed this error:
 ⨯ Internal error: TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11576:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Cause: Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1627:34)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket._finishInit (node:_tls_wrap:1038:8)
    at ssl.onhandshakedone (node:_tls_wrap:824:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
 ⨯ Internal error: TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11576:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
digest: "956933652"
  • The backend terminal displayed no errors.
@isrealbm
Copy link

isrealbm commented Jan 4, 2024

I got same issue, any update @FiloSottile ?

@mirker21
Copy link
Author

mirker21 commented Jan 4, 2024

I just found a solution, in the terminal when you are starting up the server I just had to include the directory of the rootCA.pem file:

HTTPS=true NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" npm run dev

@tofsjonas
Copy link

I just found a solution, in the terminal when you are starting up the server I just had to include the directory of the rootCA.pem file:

HTTPS=true NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" npm run dev

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

in .zprofile did the trick. Thanks! (I didn't seem to need HTTPS=true 🤷)

@amakhrov
Copy link

amakhrov commented Jul 3, 2024

After using NODE_EXTRA_CA_CERTS, I'm getting another error:

Error: self-signed certificate in certificate chain

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants