invalid peer certificate: NotValidForName on fetch() for unsecure http addresses

[starrematte]

Hi all, I'm having an issue when calling an external http address that does not have a security certificate installed on (if installed it works perfectly).

I noticed that Deno (or the Rust layer) automatically assumes that it will be an https request and switch to "https". Additionally it puts also an "#undefined" after the URL.

Uncaught TypeError: error sending request for url (https://exampleservice.withno.certificate#undefined): error trying to connect: invalid peer certificate: NotValidForName
    at async mainFetch (ext:deno_fetch/26_fetch.js:266:12)
    at async fetch (ext:deno_fetch/26_fetch.js:490:7)

I looked in the Rust documentation for this kind of error and says the follow:

/// The subject names in an end-entity certificate do not include
/// the expected name.
NotValidForName

My deno specs:

deno 1.35.3 (release, x86_64-apple-darwin)
v8 11.6.189.12
typescript 5.1.6

Thank you in advance!

[mmastrac]

It might be that your site is redirecting to a secure site. When it does, we require a valid certificate for fetch to work.

What do you get if you run this command against the site with no certificate?

curl -D- http://exampleservice.withno.certificate

[sant123]

I'm facing the same issue, the error I get is this with the curl command above:

curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Edit

I'm using Deno v1.38.0

[sant123]

I'm using Fedora 39 and this solved my issue https://docs.fedoraproject.org/en-US/quick-docs/using-shared-system-certificates/#_adding_new_certificates