CERT_HAS_EXPIRED certificate has expired is thrown when I'm trying to update sinon package

[DaniRvd]

Output of bower -v && npm -v && node -v: C:\Users\daniel.ruse@cegeka.com\source\repos\Portals\CustomerAppNew> bower update sinon bower sinon# not-cached http://sinonjs.org/releases/sinon-1.17.6.0.js# bower sinon# resolve http://sinonjs.org/releases/sinon-1.17.6.0.js# bower sinon# download http://sinonjs.org/releases/sinon-1.17.6.0.js bower sinon#^11.1.2 cached https://github.com/cjohansen/Sinon.JS.git#11.1.2 bower sinon#^11.1.2 validate 11.1.2 against https://github.com/cjohansen/Sinon.JS.git#^11.1.2 bower sinon# CERT_HAS_EXPIRED certificate has expired

(paste your output here)

Additional environment details (proxy, private registry, etc.):

Steps to reproduce the issue:

Go to 'cmd' paste 'bower update sinon ' Run See error CERT_HAS_EXPIRED Expected behavior Sinon update should be made without any error Describe the results you received:

Describe the results you expected: Sinon update should be made without any error

Additional information:

[bountyhunt-bot]

A $20 bounty has been put on this issue over at bountyhunt.io.

Top contributors:

• $20 by @ffMathy
  What is this?

bountyhunt.io is an open source service that allows people to put bounties on issues, and allows bountyhunters to claim those bounties.

In a way, we're helping people get paid for the open source work they do, and for people to live off of open source development.

Additionally, we help bring attention to the issues that matter most in the open source community.

This comment will only appear once ever, and will be modified if new bounties arrive, to reduce spam.

[SergeyLukovnikov]

what node version? i think you should update node

[sheerun]

Please uninstall sinon and install it again with new repository, like so: bower install --save-dev sinonjs/sinon

[chhn03]

Hi, I am getting "CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-aria failed: certificate has expired". while doing bower install. Please suggest what could be the reason of it.

[ChristiaanScheermeijer]

@chhn03 I see that the Bower certificate was renewed on Monday, 24 April 2023 at 03:43:54. bower install works on my machine, but Bitbucket pipelines (dockerized) is failing with the same CERT_HAS_EXPIRED error. Still trying to figure out why the certificate isn't renewed automatically there...

[mchrapek]

@ChristiaanScheermeijer could you check if it still works on your machine after clearing the cache bower cache clean?

[mchrapek]

Similar issue is open in the bower/registry repository: https://github.com/bower/registry/issues/304

[ChristiaanScheermeijer]

Yes, it still works after that:

$ bower cache clean

bower deleted       Cached package angular-bootstrap: /Users/christiaanscheermeijer/.cache/bower/packages/060f2023684d502403f2380d2be22dba/1.3.2
bower deleted       Cached package angular: /Users/christiaanscheermeijer/.cache/bower/packages/060a9fe0e60a0d3d6c9ed350cde03e61/1.5.8
bower deleted       Cached package angular: /Users/christiaanscheermeijer/.cache/bower/packages/060a9fe0e60a0d3d6c9ed350cde03e61/1.2.32
...

$ bower install

bower angular-cookies#1.5.8 not-cached https://github.com/angular/bower-angular-cookies.git#1.5.8
bower angular-cookies#1.5.8    resolve https://github.com/angular/bower-angular-cookies.git#1.5.8
bower angular-mocks#1.5.8   not-cached https://github.com/angular/bower-angular-mocks.git#1.5.8
bower angular-mocks#1.5.8      resolve https://github.com/angular/bower-angular-mocks.git#1.5.8
bower angular-gettext#~0.2.4       not-cached https://github.com/rubenv/angular-gettext.git#~0.2.4
bower angular-gettext#~0.2.4          resolve https://github.com/rubenv/angular-gettext.git#~0.2.4
...

[mchrapek]

@ChristiaanScheermeijer Did you delete the bower_components folder before executing these commands? :thinking:

[ChristiaanScheermeijer]

Yes, well, I renamed the folder because I was scared of losing the files 😅

[mchrapek]

@ChristiaanScheermeijer okay, strange, last idea, could you show what settings you have in the .bowerrc file? :thinking:

[ChristiaanScheermeijer]

Sure, here it is:

{
    "directory": "app/bower_components"
}

[mchrapek]

When I added SSL disabling configuration "strict-ssl": false to .bowerrc file, everything fetched fine idk, something is wrong with the certificate :roll_eyes:

Edited: (I don't recommend this solution as production solution, disabling SSL can be dangerous, I did this just to check if the problem is with SSL)

[ajayarjunan]

Thanks @mchrapek , that worked for me!

[chhn03]

@mchrapek any solution for this, except disabling SSL?

[lucasDechenier]

Hello Guys, any solution for this?

I Had the same on CircleCI:

bower invalid-meta for:/root/project/watson2/bower.json bower invalid-meta The "name" is recommended to be lowercase, can contain digits, dots, dashes bower CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-media-queries failed: certificate has expired

Exited with code exit status 1 CircleCI received exit code 1

In my Steps I run:

steps:

• checkout
• run: npm install -g bower

[ChristiaanScheermeijer]

I did this in a hurry and certainly don't recommend doing this, but if you really need to deploy;

• Remove the bower_components folder from the .gitignore file
• Disable the bower install step in your CI definitions
• Commit the bower_components folder and the changes from above

I will revert this change when all certificate issues are resolved.

[marceloDq]

Hello Guys,

The same problem here. It worked only by disabling "strict-ssl": false in .bowerrc file but it doesn't a good idea. Waiting for a better solution :(

[hoggworks]

I'm having the same problem as well; is there any news on when the cert will be fixed?

[anaspaiva]

Adding SSL disabling configuration to .bowerrc file works for me.

{
  "directory": "bower_components",
  "registry": "https://registry.bower.io",
  "strict-ssl": false
}

[theobscenezen]

We brought it back to work by prefixing the following env-variable: NODE_OPTIONS=--use-openssl-ca

NODE_OPTIONS=--use-openssl-ca bower install

As to refer to https://github.com/bower/registry/issues/304#issuecomment-1520524290

[jfortier-haptiq]

TL;DR Upgrading the ancient version of node from v5.12 to the latest stable v18.16 seems to solve the issue for me (yikes this is an old project).

The older version of node was not recognizing the environment variable NODE_OPTIONS=--use-openssl-ca for me unfortunately – even though the system itself didn't have any issues recognizing the certs from registry.bower.io (ie: `curl, wget worked fine on the system). Bower on the hand didn't like it, and that's because of the node version. For me and my team – it's just easier to upgrade the project node version, and packages, and we're more secure for it too.

[cabexius]

got similar issue: went with suggestions above but in the following order: step 1 { "strict-ssl": false } step 2: bower .... step 3: updated this back again to: { "strict-ssl": true } step 4: bower (tested this a couple of times - it worked )

• miscellaneous (before step 1): bower cache clean && rm -rf /tmp/*

[jfortier-haptiq]

@cabexius I suspect bower is getting those packages from cache, and are the http packages. Run a bower cache clean and see if install works still.

[cabexius]

yup, that was nasty. certs looks all good too for registry.bower.io

[ffMathy]

I'm curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

[dondmcg]

I am working with a design system that has become vital to an enterprise that uses bower with no easy upgrade path to non bower version. (Pattern Lab)

[mchrapek]

bower install works for newer versions of node.

Only bower install command I execute on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.

It worked for us.

[jfortier-haptiq]

I'm curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

@ffMathy legacy app, it's being migrated to a new system. I gave the devs grief for not keeping these dependencies up to date though. ;)

[Fabiana19]

I found a workaround that was installing the bower with node 12, without changing my current version of node, running npx -p node@12 bower install. Hope it helps!

[stormonster]

We're in a position where we can't upgrade the application for various reasons, but instead of turning off ssl in .bowerrc using "strict-ssl": false we managed to solve it by pointing the registry to what I have now been told is a deprecated alternate mirror (thanks @wsergent) understand is the "new default" (someone please correct me here if I'm wrong, I read it somewhere but can't remember where).

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com",
}

[sergioteixeirabasecone]

Solution provided by @stormonster worked for me. Thank you!

[TadeuCamillo]

Hi,

Adding SSL disabling configuration to .bowerrc file works for me. It was not necessary add directory, in my project it is otherwise.

{ "registry": "https://registry.bower.io", "strict-ssl": false }

[stormonster]

Adding SSL disabling configuration to .bowerrc file works for me.

This really should be the very last resort, so I hope you've tried all other potential solutions first, like the one I posted or the one @Fabiana19 mentioned. Disabling SSL is like driving blind folded and trusting everyone else on the road make sure you don't end up in an accident.

[TadeuCamillo]

Hi,

Thank you, I will test your solution.

I did it the way my friend went to release the Deploy.

[wsergent]

We're in a position where we can't upgrade the application for various reasons, but instead of turning off ssl in .bowerrc using "strict-ssl": false we managed to solve it by pointing the registry to what I understand is the "new default" (someone please correct me here if I'm wrong, I read it somewhere but can't remember where).

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com",
}

Thank you for this solution, this worked for us for now, but I would treat it only as a temporary workaround (though better than disabling SSL). According to this tweet from 2017, bower.herokuapp.com was deprecated in favour of registry.bower.io - so I think you have your 'new default' understanding backwards.

Either way, it worked for now!

[fanguitocoder]

I'm curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

Maintaining old systems, we're on our way to getting rid of bower already.

[caiocesarstx]

I'm curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

not everyone has a big team and time to update :)

[cabexius]

look mate, not bashing, some of us guys might be untouched with reality, and stuck in time, we all or should have taken point to migrate. yes we heard it all, let's just help the community to answer their needs for help. and yes to need to update. yes to the need to migrate.

[caiocesarstx]

look mate, not bashing, some of us guys might be untouched with reality, and stuck in time, we all or should have taken point to migrate. yes we heard it all, let's just help the community to answer their needs for help. and yes to need to update. yes to the need to migrate.

Yes, but not every system can be updated in a easy way, some companies strugle with daily problems and need to solv them to survive, int the ideal world the migration is easy and fast, but in reality the variables are greater.