receiving error: 'Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN' while using npm

node.js ssl-certificate npm

I am using npm v1.0.104/node 0.6.12 on ubuntu - I am receiving the error copied below while attempting to install any new modules via npm (I tested socket.io earlier using http, not https though & am wondering if that could have resulted in the issue with npm/unsigned certs). The error pops up once npm tries to resolve the 'https://registry.npmjs.org' URL. Is there anyway I can ignore the error or perhaps locate/add the cert to a trusted store in order to continue using npm.

Any insight on what needs to be done to resolve the issue will be appreciated (I would prefer to resolve the issue through configuration as opposed to re-installing if possible).

Error: "Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN"

Full Message:

npm ERR! Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN
npm ERR!     at ClientRequest.<anonymous> (/usr/lib/node_modules/npm/node_modules/request/main.js:252:28)
npm ERR!     at ClientRequest.emit (events.js:67:17)
npm ERR!     at HTTPParser.onIncoming (http.js:1261:11)
npm ERR!     at HTTPParser.onHeadersComplete (http.js:102:31)
npm ERR!     at CleartextStream.ondata (http.js:1150:24)
npm ERR!     at CleartextStream._push (tls.js:375:27)
npm ERR!     at SecurePair.cycle (tls.js:734:20)
npm ERR!     at EncryptedStream.write (tls.js:130:13)
npm ERR!     at Socket.ondata (stream.js:38:26)
npm ERR!     at Socket.emit (events.js:67:17)
npm ERR! Report this *entire* log at:
npm ERR!     <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR!     <npm-@googlegroups.com>
npm ERR! 
npm ERR! System Linux 2.6.38-13-generic
npm ERR! command "node" "/usr/bin/npm" "install" "jed"
npm ERR! node -v v0.6.12
npm ERR! npm -v 1.0.104

Dont remove strict SSL. Have a look at stackoverflow.com/a/16534065

As of February 27, 2014 npm no longer supports its self-signed certificates. Please see npm's blog post or the recent answer below for more information.

In case you're having trouble with this on AWS Elastic Beanstalk, a solution is available here: stackoverflow.com/questions/22096459/…

nolim1t: this does not address the cause of the issue, and Kevin: the commands in the blog post are incomplete. See stackoverflow.com/a/22099006/106302 for commands that worked for me.

@ali PLEASE change the 'Accepted answer' This issue is appearing because of an npm upgrade, and not an issue with SSL. Turning off SSL is BAD, and especially since the currently correct response is to update npm. The answer by Kevin Reilly should be the Accepted answer. Thank You.

Jean-François Fabre

Running the following helped resolve the issue:

npm config set strict-ssl false

I cannot comment on whether it will cause any other issues at this point in time.

run "npm config set ca null" instead, ignoring ssl errors is a bad idea

@SnowInferno SSL also guarantees that you are talking to the real registry.npmjs.org . Someone could potentially install malicious packages.

This is filthily wrong. Why are you even bothering using SSL if every time it does the one thing it's supposed to do you turn it off? "Any time ignoring an error leads to success, developers are going to do just that."

Please don't ignore ssl issues, as the error is there for a very good reason. Also, a bit of searching resulted in the following tweet, which links to the official solution to your problem (update npm): twitter.com/npmjs/status/439279809307242496

My issue was caused by a proxy that I'm behind, "npm config set ca null" and 'npm config set ca ""' still gave me the same error, but removing SSL worked perfectly. Sometimes good practice isn't as important as what actually works.

Kevin Reilly

As of February 27, 2014, npm no longer supports its self-signed certificates. The following options, as recommended by npm, is to do one of the following:

Upgrade your version of npm

npm install npm -g --ca=""

-- OR --

Tell your current version of npm to use known registrars

npm config set ca ""

Update: npm has posted More help with SELF_SIGNED_CERT_IN_CHAIN and npm with more solutions particular to different environments

sudo

Other options

It seems that people are having issues using npm's recommendations, so here are some other potential solutions.

Upgrade Node itself Receiving this error may suggest you have an older version of node, which naturally comes with an older version of npm. One solution is to upgrade your version of Node. This is likely the best option as it brings you up to date and fixes existing bugs and vulnerabilities.

The process here depends on how you've installed Node, your operating system, and otherwise.

Update npm
Being that you probably got here while trying to install a package, it is possible that npm install npm -g might fail with the same error. If this is the case, use update instead. As suggested by Nisanth Sojan:

npm update npm -g

Update npm alternative One way around the underlying issue is to use known registrars, install, and then stop using known registrars. As suggested by jnylen:

npm config set ca ""
npm install npm -g
npm config delete ca

Easiest solution is probably to download the latest version of Nodejs itself, it includes a new version of npm where this issue is resolved. None of the commands above worked for me.

I go with this solution since it's the first one not ignoring ssl (by either setting the check to false in config or using http instead). Thanks!

npm install npm -g also gives me the error SELF_SIGNED_CERT_IN_CHAIN

If this doesn't work, do npm config set ca "" first, then upgrade, then undo the config change. See: stackoverflow.com/a/22099006/106302

@Redsandro sudo changes the user, -g flag sets if to install globally for that user or just in local node_modules.

Hermann

For now I just switched registry URL from https to http. Like this:

npm config set registry="http://registry.npmjs.org/"

Worked like a charm for me. I didn't want to lose the original CA or force it to ignore SSL errors.

Worked perfectly. Thanks!

Disabling security can't be the solution!

I had previously used this, but for some reason switching it back to 'https://' from 'http://' made mine work again.

After trying all other solution, this work for me finally :-)

Andy

npm config set strict-ssl false -g

To save it globally

Doing this gives me the infamous cb() never called! npm error

After this setting, I'm geeting below error npm ERR! code E401 npm ERR! Unable to authenticate, need: Negotiate, NTLM npm ERR! A complete log of this run can be found in: npm ERR! C:\BuildAgent\npm-cache_logs\2019-06-24T10_23_46_563Z-debug.log

Elijah Lynn

The error SELF_SIGNED_CERT_IN_CHAIN means that you have self signed certificate in certificate chain which is basically not trusted by the system.

If that happens, basically something fishy is going on, therefore as people already commented, it is not recommended to just disable certificate checks, but better approach is to understand what is the problem and fix the cause of it.

This maybe related either to:

custom repository address which doesn't have the right certificate,

a corporate network with transparent proxy. If you're behind a corporate web proxy, you should set-up the proper HTTP_PROXY/HTTPS_PROXY environment variables or set them via npm: npm config set proxy http://proxy.company.com:8080 npm config set https-proxy http://proxy.company.com:8080 See: How to setup Node.js and Npm behind a corporate web proxy

If you trust the host, you can export the self-signed certificate from the chain and import them into system, so they're marked as trusted.

This can be achieved by checking the certificates by (change example.com into npm repo which is failing based on the npm-debug.log):

openssl s_client -showcerts -connect example.com:443 < /dev/null

then save the certificate content (between BEGIN and END) into .crt file in order to import it.

Linux

As per suggestion, you can add the below to the /etc/environment file (Node 7.4+) to export your CA chain, like:

NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/source/anchors/yourCer‌ts.pem

CentOS

On CentOS 5 this can be appended into /etc/pki/tls/certs/ca-bundle.crt file, e.g.

ex +'g/BEGIN CERTIFICATE/,/END CERTIFICATE/p' <(echo | openssl s_client -showcerts -connect example.com:443) -scq | sudo tee -a /etc/pki/tls/certs/ca-bundle.crt
sudo update-ca-trust force-enable
sudo update-ca-trust extract
npm install

^{Note: To export only first certificate, remove g at the beginning.}

In CentOS 6, the certificate file can be copied to /etc/pki/ca-trust/source/anchors/.

Ubuntu/Debian

In Ubuntu/Debian, copy CRT file into /usr/local/share/ca-certificates/ then run:

sudo update-ca-certificates

macOS

In macOS you can run:

sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ~/foo.crt

Windows

In Windows: certutil -addstore -f "ROOT" new-root-certificate.crt

> If that's the case, you need to export the self-signed certificate from the chain and import them into system, so they're marked as trusted. - Makes trick for me.

Great! It also helps to add NODE_EXTRA_CA_CERTS=/etc/pki/ca-trust/source/anchors/yourCerts.pem to the /etc/environment. Node 7.4+ takes this into account

This is the only correct answer here. The rest is just an unsafe workaround...

@ph4r05 I did the same with ~/.zshrc on Mac: export NODE_EXTRA_CA_CERTS=/path-to-cert/yourCerts.pem

We Are All Monica

You need to upgrade npm.

// Do this first, or the upgrade will fail
npm config set ca ""

npm install npm -g

// Undo the previous config change
npm config delete ca

You may need to prefix those commands with sudo.

Source: http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more

@Oliver Salzburg: re. your edit: on OS X I don't think sudo is required at all, and only prefixing the upgrade command with sudo worked fine for me. YMMV.

Ah, this worked for me. Thanks for the specific instructions on undoing the config change (so I didn't have to dig it up myself)!

Interesting. I only made the edit after having tested this on a Debian server. I like the current revision though ;)

Ubuntu/Debian require additional linking, see my answer below.

This should be the accepted solution. This does not disable security and is the "official" solution desribed in npm blog.

Adam Lane

Putting this before the command seems to work NODE_TLS_REJECT_UNAUTHORIZED=0. ex: NODE_TLS_REJECT_UNAUTHORIZED=0 npm ...

It would be best to figure out how to make node see self signed certificate as valid. strict-ssl suggestion above didn't work for me for some reason. If you understand the security implications and need a temporary quick fix, this is what I found in some random github issues during Google search of the error.

for Windows, use "set NODE_TLS_REJECT_UNAUTHORIZED=0". And then works like a charm !!

It works :)

Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.

Redsandro

The repository no longer supports self-signed certificates. You need to upgrade npm.

// Disable the certificate temporarily in order to do the upgrade
npm config set ca ""

// Upgrade npm. -g (global) means you need root permissions; be root 
// or prepend `sudo`
sudo npm install npm -g

// Undo the previous config change
npm config delete ca

// For Ubuntu/Debian-sid/Mint, node package is renamed to nodejs which 
// npm cannot find. Fix this:
sudo ln -s /usr/bin/nodejs /usr/bin/node

You need to open a new terminal session in order to use the updated npm.

Source: This was originally an edit on jnylen's answer. Although the guidelines say "We welcome all constructive edits, but please make them substantial," the edit was rejected due to "This edit changes too much in the original post; the original meaning or intent of the post would be lost." I guess the community prefers a separate answer.

This worked for me. However I didn't need the last command: sudo ln -s /usr/bin/nodejs /usr/bin/node.

It probably depends on whether you installed from the official Ubuntu repositories, a third party repository (for a newer version), or compiled yourself (for newest version).

Patrick

For those who on a mac with the same issue and installed npm via homebrew:

brew uninstall npm

then

brew install npm

Works for me on osx (10.9.1)

EDIT: You may need to brew update before installing npm. You can also do a brew upgrade after updating homebrew. Also it might be helpful to run brew doctor if you run into any other issues.

can we install brew on window ?

jiz

just for development in windows

$Env:NODE_TLS_REJECT_UNAUTHORIZED=0

just a small detail - this is a script to run from Powershell console. And then run "npm i" within the same PowerShell window.

Community

Quick and clean solution (linux tested) (After fatidic February 27, 2014)

Uninstall npm

npm rm npm -g

Install npm (new URL is www.npmjs.org instead npmjs.org)

curl https://www.npmjs.org/install.sh | sh

Tip: how to install node.js in linux https://stackoverflow.com/a/22099363/333061

The command doesn't work anymore due to a redirect 301 but you can still type https://www.npmjs.org/install.sh in your browser and download it before running it manually.

Or run curl with the -L flag

previous curl https://npmjs.org/install.sh command is redirecting to https://www.npmjs.org/install.sh that's why curl https://www.npmjs.org/install.sh | sh works seamless. is OK to install from now on little padawan. :)

TheDomis4

I've created an article how to disable most npm problems behind a corporate firewall if you're out of options.

Be aware that you might be vulnerable to attacks.

https://wnderlvst.com/stories/102a237a-cea1-463b-89db-82224f1c1cbe

Powershell

yarn config set "strict-ssl" false
yarn config set "network-timeout" 600000
$env:NODE_TLS_REJECT_UNAUTHORIZED=0

Florian Winter

Uninstall NPM and install it again.

As of February 27, 2014 npm no longer supports its self-signed certificates. http://blog.npmjs.org/post/78085451721/npms-self-signed-certificate-is-no-more

The link above suggests upgrading NPM using NPM. This also fails with SELF_SIGNED_CERT_IN_CHAIN...

Jeremiah Orr

Turning off SSL seems like a profoundly bad idea. npm's blog explains that they no longer support their self-signed cert. They suggest upgrading npm via npm install npm -g, but I of course got the same SELF_SIGNED_CERT_IN_CHAIN error. So I just updated node, which updated npm along with it. Exact procedure depends on how you installed node in the first place.

somshivam

You will need to find the proxy details of your company and the npm registry that you should be using. After that you can specify the same in .npmrc file located under user folder C:/users/.

this is how it can be specified -

registry=https://your_company/npm/registry/
proxy=http://username:password@proxy:port/
https-proxy=http://username:password@proxy:port/

The password is in plain text which is obviously not ideal may be there is a way to encrypt it in a way that npm understands.

Sreekanth Kategaru

I was having the same SSL self signed cert error because of corporate proxy. I was having issue while installing node-gyp. I tried uninstalling Angular/cli first and installing node-gyp and then try reinstalling Angular cli

npm uninstall -g @angular/cli
npm install -g node-gyp
npm install -g @angular/cli

It worked perfectly

billoverton

For me this was a super simple solution. All I needed to do was set the https-proxy in npm via npm config set https-proxy "http://proxyserverurl:port". @somshivam 's solution works too, but if you're going to have the module installed by a cloud pipeline like Azure DevOps, you can't have the proxy setting in the npmrc file or it will fail.

receiving error: 'Error: SSL Error: SELF_SIGNED_CERT_IN_CHAIN' while using npm

Follow WeChat

Want to stay one step ahead of the latest teleworks?

相似问题

Platform

Support

Links

Contact US