
Fresh certificate has incorrect expiration date

Open lukasz-gladek-av opened this issue 2 years ago • 40 comments

While doing bower install I get the following error:

#0 1.681 bower angular-elastic#2.4.2 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-elastic failed: certificate has expired
ERROR: failed to solve: process "/bin/bash -o pipefail -c bower install" did not complete successfully: exit code: 1

The bower.io cert looks fine, but going to https://registry.bower.io/packages/angular-elastic shows that the cert was issued today but expired yesterday.

lukasz-gladek-av avatar Apr 24 '23 08:04 lukasz-gladek-av

It's true that the certificate is issued today, but its expiration date is July 23.


It seems to me that something is wrong with the new certificate because we have the same problem:

bower angular#~1.5.0  CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular failed: certificate has expired

mchrapek avatar Apr 24 '23 09:04 mchrapek

I too am facing the same issue.

(node:16801) [DEP0022] DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead.
Warning: Request to https://registry.bower.io/packages/angular-resource failed: certificate has expired Use --force to continue.

PankajPatel007 avatar Apr 24 '23 09:04 PankajPatel007

Also seeing this in our CI/CD pipelines.

pejorativefox avatar Apr 24 '23 09:04 pejorativefox

Same here, the SSL certificate needs to be properly created and installed for https://registry.bower.io/packages/ to get this resolved:


ajayarjunan avatar Apr 24 '23 10:04 ajayarjunan

As @mchrapek mentioned here: https://github.com/bower/bower/issues/2608#issuecomment-1519835378, adding "strict-ssl": false to the .bowerrc file made it work.

Edit: This is not a recommended approach, but for testing only.

ajayarjunan avatar Apr 24 '23 10:04 ajayarjunan

but I don't recommend this solution, disabling SSL can be dangerous, I did this just to check if the problem is with SSL

mchrapek avatar Apr 24 '23 10:04 mchrapek

I'm experiencing this behaviour from my Jenkins CI/CD for Docker image creation. Is there any temp solution, such as an alternative registry? I don't want to disable SSL.

galregev avatar Apr 24 '23 10:04 galregev

any idea when this can be sorted out, CI/CD is having the cert issue with installing the bower, looking for some solution without disabling SSL

khoros-chandrakala avatar Apr 24 '23 10:04 khoros-chandrakala

From what we have noticed, this issue seems to be happening on the servers/machines that were already performing bower commands, which have some SSL certificate caching present during the SSL handshake process. For new machines (where the bower command is run for the first time), the issue seems not to be present.

As a temporary work around, we commented out bower command from the CI/CD process(since we do not have new packages being added at the moment) and retained a copy of the bower_components folder in the server (this is not recommended approach, but had to do this to solve a deployment blocker).

Need to find a permanent fix next day!

ajayarjunan avatar Apr 24 '23 12:04 ajayarjunan

Hello Guys, any solution for this?

I had the same on CircleCI:

bower invalid-meta for:/root/project/watson2/bower.json
bower invalid-meta The "name" is recommended to be lowercase, can contain digits, dots, dashes
bower CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-media-queries failed: certificate has expired

Exited with code exit status 1
CircleCI received exit code 1

In my Steps I run:

steps:
  - checkout
  - run: npm install -g bower

lucasDechenier avatar Apr 24 '23 13:04 lucasDechenier

Same issues here, setting strict-ssl to false has worked as a temp solution. Hope this is resolved soon.

GabeGates avatar Apr 24 '23 14:04 GabeGates

I'm having the same issue in our Jenkins pipeline.

hoggworks avatar Apr 24 '23 15:04 hoggworks

I have the same issue in a CI pipeline. It's an outdated node and bower version.

npm install -g [email protected]
bower install MutationObserver-shim
# …
# bower                 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/MutationObserver-shim failed: certificate has expired

curl had the same issue:

curl https://registry.bower.io/packages/MutationObserver-shim
# curl: (60) SSL certificate problem: certificate has expired

I fixed the issue for curl by removing an invalid intermediary cert:

sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates

curl https://registry.bower.io/packages/MutationObserver-shim
# {"name":"MutationObserver-shim","url":"https://github.com/megawac/MutationObserver.js.git"}

But bower still has the same issue:

bower install MutationObserver-shim
# bower                 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/MutationObserver-shim failed: certificate has expired

Would it be possible that bower somehow uses a different ca-cert folder than curl?

SomeBdyElse avatar Apr 24 '23 16:04 SomeBdyElse

Would it be possible that bower somehow uses a different ca-cert folder than curl?

This seems to be true, but it is fixable:

export NODE_OPTIONS=--use-openssl-ca
bower install MutationObserver-shim

and it went just fine.

So for me the entire fix was:

sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
export NODE_OPTIONS=--use-openssl-ca

SomeBdyElse avatar Apr 24 '23 16:04 SomeBdyElse

Same issue here with Heroku builds today.

tbcshifter avatar Apr 24 '23 19:04 tbcshifter

For us fix was only:

export NODE_OPTIONS=--use-openssl-ca

,cuz we use azure k8s builder

pain44444 avatar Apr 25 '23 04:04 pain44444

node 7.10.1 on Ubuntu 22.04.

None of the below works.

Tried with: export NODE_OPTIONS=--use-openssl-ca then I added export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

Then I tried:

NODE_OPTIONS=--use-openssl-ca bower install ...
NODE_OPTIONS=--use-openssl-ca SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt bower install ...

Added "ca": "/etc/ssl/certs/ca-certificates.crt", to bower.json. Nothing.

mvrhov avatar Apr 25 '23 09:04 mvrhov

node 7.10.1 on Ubuntu 22.04.

None of the below works.

Tried with: export NODE_OPTIONS=--use-openssl-ca then I added export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt

Then I tried:

NODE_OPTIONS=--use-openssl-ca bower install ...
NODE_OPTIONS=--use-openssl-ca SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt bower install ...

Added "ca": "/etc/ssl/certs/ca-certificates.crt", to bower.json. Nothing.

I think NODE_OPTIONS needs node 8+

mattsputnikdigital avatar Apr 25 '23 10:04 mattsputnikdigital

The certificate is fine, and it seems most of the issues are related to using an old version of Node; otherwise they can be solved by setting export NODE_OPTIONS=--use-openssl-ca. Bower's certificate renewal works fine.

But the true solution is to stop using Bower, as it has been deprecated software for a very long time. If you want a modern alternative with file locking (extremely important for security and long-term maintenance, as there is no easy way to pin the whole tree of dependencies for Bower, only top-level ones), please follow this guide to migrate to Yarn. It's pretty simple as there is a helper command:

https://bower.io/blog/2017/how-to-migrate-away-from-bower/

If bower-away doesn't work for you for some reason, please send a pull request with a fix :)

sheerun avatar Apr 25 '23 11:04 sheerun

I think NODE_OPTIONS needs node 8+

You are right. I'll see how high I can go from prehistoric 7.2.1. And if there are problems then it seems that recompiling node itself is going to be the only option.

Migrating away and/or upgrading this is not an option for at least another 12 months.

mvrhov avatar Apr 25 '23 11:04 mvrhov

Other solutions you might try for now are:

  • Put all dependencies in separate git repository somehow and clone them instead of running bower install
  • You can also try to disable ssl (not recommended) in .bowerrc: with { "strict-ssl": false }

In the meantime I'll work on another solution that should fix this issue by embedding registry within Bower itself.

sheerun avatar Apr 25 '23 11:04 sheerun

Other solutions you might try for now are:

  • Put all dependencies in separate git repository somehow and clone them instead of running bower install
  • You can also try to disable ssl (not recommended) in .bowerrc: with { "strict-ssl": false }

In the meantime I'll work on another solution that should fix this issue by embedding registry within Bower itself.

We cannot use any of the workarounds suggested here so far. May I know how long it will take for the "another solution" that you are working on to be out?

amit-oli-khoros avatar Apr 25 '23 11:04 amit-oli-khoros

So for me the entire fix was:

sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
export NODE_OPTIONS=--use-openssl-ca

That fixed it for me, thanks ! (Docker node)

saintmac avatar Apr 25 '23 12:04 saintmac

For now it seems that I could upgrade up to node 9.11.2. And with that NODE_OPTIONS works. Things build, QA is in progress. The rest will have to wait.

mvrhov avatar Apr 25 '23 12:04 mvrhov
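
Added example, not part of any comment in this thread: the sed edit quoted above prepends `!` on every run, so a rebuilt image layer or a repeated provisioning step can leave `!!mozilla/DST_Root_CA_X3.crt` behind, and NODE_OPTIONS was only reported to work here from Node 8 upward. The function names `deselect_ca` and `node_options_supported` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the sample file are constructed for illustration.

# deselect_ca CONF ENTRY
# Prefix ENTRY with '!' in a ca-certificates.conf style file, matching the
# whole line so an already deselected entry never becomes '!!entry'.
# Returns 0 = changed, 1 = nothing to change, 2 = error.
deselect_ca() {
  local conf="$1" entry="$2" tmp
  [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
  # Entry absent or already prefixed with '!': leave the file untouched.
  grep -qxF "$entry" "$conf" || return 1
  tmp=$(mktemp) || return 2
  if awk -v e="$entry" '$0 == e { print "!" e; next } { print }' "$conf" > "$tmp" \
     && cat "$tmp" > "$conf"; then
    rm -f "$tmp"; return 0
  fi
  rm -f "$tmp"; return 2
}

# node_options_supported VERSION   (e.g. "v9.11.2", as printed by node --version)
# Returns 0 when the major version is 8 or later, the point from which the
# thread reports NODE_OPTIONS taking effect; 1 when older; 2 when unparsable.
node_options_supported() {
  local v="${1#v}" major
  major="${v%%.*}"
  case "$major" in ''|*[!0-9]*) return 2 ;; esac
  [ "$major" -ge 8 ]
}

demo() {
  local conf rc run ver
  conf=$(mktemp) || return 2
  # Constructed sample in the format of /etc/ca-certificates.conf.
  printf '%s\n' 'mozilla/DST_Root_CA_X3.crt' 'mozilla/ISRG_Root_X1.crt' > "$conf"
  for run in first second; do
    rc=0; deselect_ca "$conf" 'mozilla/DST_Root_CA_X3.crt' || rc=$?
    echo "$run run: exit $rc"
  done
  cat "$conf"; rm -f "$conf"
  for ver in v7.10.1 v9.11.2; do
    if node_options_supported "$ver"; then echo "$ver: NODE_OPTIONS usable"
    else echo "$ver: NODE_OPTIONS not read, upgrade Node first"; fi
  done
}
demo
# On a real host, follow a change (exit 0) with update-ca-certificates and
# export NODE_OPTIONS=--use-openssl-ca for the bower process.
```
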

Same issue, running from GitHub actions on windows-latest, with node 8.12 (yeah, i know).

Halp pls

dodomood avatar Apr 25 '23 15:04 dodomood

bower install works for newer versions of node.

I execute only the bower install command on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.

It worked for us.

mchrapek avatar Apr 25 '23 15:04 mchrapek

Having the same issue. Tried some steps as below:

  1. Added "strict-ssl": false to bowerrc file.
  2. Ran bower install.
  3. Deleted downloaded bower components.
  4. Removed "strict-ssl": false from bowerrc file.
  5. Ran bower install again.

Worked for me!!!

amanneesharma avatar Apr 26 '23 09:04 amanneesharma

Other solutions you might try for now are:

  • Put all dependencies in separate git repository somehow and clone them instead of running bower install
  • You can also try to disable ssl (not recommended) in .bowerrc: with { "strict-ssl": false }

In the meantime I'll work on another solution that should fix this issue by embedding registry within Bower itself.

Hi @sheerun, is there any update on the fix that you were working on?

amit-oli-khoros avatar Apr 26 '23 10:04 amit-oli-khoros

Other solutions you might try for now are:

  • Put all dependencies in separate git repository somehow and clone them instead of running bower install
  • You can also try to disable ssl (not recommended) in .bowerrc: with { "strict-ssl": false }

In the meantime I'll work on another solution that should fix this issue by embedding registry within Bower itself.

Hi @sheerun, is there any update on the fix that you were working on?

+1, is there any ETA on this fix?

ujjwaldave avatar Apr 26 '23 11:04 ujjwaldave

As I mentioned here, a temporary solution that solved the issue for us was to use the heroku-mirror rather than the regular registry.

Rather than turning off SSL we've set the registry parameter in the .bowerrc like this.

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com"
}

Not sure how permanent of a solution it is as I've seen it mentioned that certs for node versions <10 are discontinued now, but at least it worked for us and it sure beats turning off SSL.

stormonster avatar Apr 26 '23 12:04 stormonster