mkcert icon indicating copy to clipboard operation
mkcert copied to clipboard

Published 20 hours ago verified publisher icon FiloSottile

Node unable to verify the first certificate error

Open mirker21 opened this issue 1 year ago • 4 comments

Environment

  • Operating system (including version): macOS Ventura 13.6.1
  • mkcert version (from mkcert -version): v1.4.4
  • Server (where the certificate is loaded): localhost:3000 (frontend), localhost:8080 (backend)
  • Client (e.g. browser, CLI tool, or script): Chrome

What you did

  • I followed the instructions, first doing mkcert -install

  • Entered mkcert -cert-file ~/cert.pem -key-file ~/key.pem localhost

  • Here are my options for both frontend and backend Node.js https servers:

var options = {
     key: fs.readFileSync(process.env.SSL_KEY_FILE),
     cert: fs.readFileSync(process.env.SSL_CRT_FILE),
     ca: fs.readFileSync(process.env.SSL_CRT_FILE),
};

I tried adding the ca property, I found a post mentioning it and then I found an example on how to use ca on node's website.

  • Finally added export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" to both my frontend and backend .env files, according to the README.md and this Issue

  • Also tried changing export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" to /Users/blahblahblah/Library/blahblahblah/mkcert/rootCA.pem

What went wrong

  • The frontend terminal displayed this error:
 ⨯ Internal error: TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11576:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Cause: Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1627:34)
    at TLSSocket.emit (node:events:514:28)
    at TLSSocket._finishInit (node:_tls_wrap:1038:8)
    at ssl.onhandshakedone (node:_tls_wrap:824:12)
    at TLSWrap.callbackTrampoline (node:internal/async_hooks:130:17) {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
 ⨯ Internal error: TypeError: fetch failed
    at Object.fetch (node:internal/deps/undici/undici:11576:11)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
digest: "956933652"
  • The backend terminal displayed no errors.

mirker21 avatar Dec 09 '23 23:12 mirker21

I got same issue, any update @FiloSottile ?

isrealbm avatar Jan 04 '24 09:01 isrealbm

I just found a solution, in the terminal when you are starting up the server I just had to include the directory of the rootCA.pem file:

HTTPS=true NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" npm run dev

mirker21 avatar Jan 04 '24 16:01 mirker21

I just found a solution, in the terminal when you are starting up the server I just had to include the directory of the rootCA.pem file:

HTTPS=true NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem" npm run dev

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

in .zprofile did the trick. Thanks! (I didn't seem to need HTTPS=true 🤷)

tofsjonas avatar Jun 12 '24 07:06 tofsjonas

After using NODE_EXTRA_CA_CERTS, I'm getting another error:

Error: self-signed certificate in certificate chain

amakhrov avatar Jul 03 '24 18:07 amakhrov