Open vickylance opened 6 years ago
having the same problem after installing nvs, solved it via installing nvm for windows
Are you behind a corporate proxy that replaces TLS certificates? I can't think of any other reason why the nodejs.org
certificate would fail verification.
Are you behind a corporate proxy that replaces TLS certificates? I can't think of any other reason why the
nodejs.org
certificate would fail verification.
looks like that, it's a company laptop with all the company settings
Hi @jasongin , I have this problem too on my device, after installing a vpn application. How can I fix it. here is the output
PS C:\Users\xxx> nvs
Failed to download index: https://nodejs.org/dist/index.json
HTTP response status: 403
PS C:\Users\xxx> ping nodejs.org
Pinging nodejs.org [104.20.23.46] with 32 bytes of data:
Reply from 104.20.23.46: bytes=32 time=136ms TTL=50
Reply from 104.20.23.46: bytes=32 time=138ms TTL=50
Reply from 104.20.23.46: bytes=32 time=138ms TTL=50
Reply from 104.20.23.46: bytes=32 time=140ms TTL=50
Ping statistics for 104.20.23.46:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 136ms, Maximum = 140ms, Average = 138ms
PS C:\Users\xxx>
Your VPN probably uses a proxy that requires authentication. I'm guessing the 403 Forbidden response is from the proxy server (not nodejs.org).
There is some support for proxy settings in nvs
, though it's not as automatic on Windows as it could be. I'm not even sure if authenticating proxies are supported.
Thank you jasongin. I have removed proxy, but this problem is still there. I can ping nodejs.org and open nodejs.org in browser. What should I do.
Browsers have advanced ways of detecting proxy settings, and ping bypasses proxies because it is not HTTP or even TCP. If nvs
is still getting a 403 status, I suspect a proxy might still be the problem.
Here's a minimal node.js script that downloads the same URL:
node -e "require('https').get('https://nodejs.org/dist/index.json', r => r.pipe(process.stdout))"
If that succeeds for you while nvs
doesn't, then nvs
has a big problem. More likely I think nvs
just needs better support for your proxy environment... but unfortunately I don't have time to work on that.
Thank you and I love nvs very much. I try your minimal script. here is the output:
PS C:\Users\xxx> node -e "require('https').get('https://nodejs.org/dist/index.json', r => r.pipe(process.stdout))" | findstr 'html' ; nvs
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->
<!--[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->
<!--[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->
<!--[if gt IE 8]><!--> <html class="no-js" lang="en-US"> <!--<![endif]-->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
</html>
Failed to download index: https://nodejs.org/dist/index.json
HTTP response status: 403
PS C:\Users\xxx>
as can be seen, it's ok for nodejs script, but nvs. I will be mad🤦♂️.
Take another look at that output. It's supposed to be JSON. Did that HTML come from a proxy server?
Oops, I can't reproduce it. I restart my computer, and make sure there is no proxy, then got the result.
PS C:\Users\xxx> node -e "require('https').get('https://nodejs.org/dist/index.json', r => r.pipe(process.stdout))";nvs
events.js:352
throw er; // Unhandled 'error' event
^
Error: connect ETIMEDOUT 104.20.22.46:443
at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1148:16)
Emitted 'error' event on ClientRequest instance at:
at TLSSocket.socketErrorListener (_http_client.js:475:9)
at TLSSocket.emit (events.js:375:28)
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:82:21) {
errno: -4039,
code: 'ETIMEDOUT',
syscall: 'connect',
address: '104.20.22.46',
port: 443
}
Failed to download index: https://nodejs.org/dist/index.json
connect ETIMEDOUT 104.20.22.46:443
PS C:\Users\xxx>
more confused.
and here is what I have:
node -e "require('https').get('https://nodejs.org/dist/index.json', r => r.pipe(process.stdout))"
events.js:292
throw er; // Unhandled 'error' event
^
Error: self signed certificate in certificate chain
at TLSSocket.onConnectSecure (_tls_wrap.js:1497:34)
at TLSSocket.emit (events.js:315:20)
at TLSSocket._finishInit (_tls_wrap.js:932:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:706:12)
Emitted 'error' event on ClientRequest instance at:
at TLSSocket.socketErrorListener (_http_client.js:469:9)
at TLSSocket.emit (events.js:315:20)
at emitErrorNT (internal/streams/destroy.js:106:8)
at emitErrorCloseNT (internal/streams/destroy.js:74:3)
at processTicksAndRejections (internal/process/task_queues.js:80:21) {
code: 'SELF_SIGNED_CERT_IN_CHAIN'
}
and
nvs add lts
Failed to download index: https://nodejs.org/dist/index.json
self signed certificate in certificate chain
self signed certificate in certificate chain
Probably that means a proxy is rewriting HTTPS certificates (so that it's able to decrypt and audit HTTPS traffic).
The proxy CA is probably trusted in the system certificate store, however Node.js doesn't use it for some reason. I don't know how to fix that.
I have the same issue with my work laptop (self signed certificate in certificate chain). I'm not sure if we can look at npm somehow and figure it out. You just have to disable certificate checking altogether to get npm to work. In the .npmrc you enter the directive strict-ssl=false
and npm disregards the certificates. This is kind of problematic for obvious security reasons, but the corporate VPN won't allow you to have invalid SSL on the other side of it I would imagine, so it is probably OK when you are connected to VPN, just watch out when you're not.
Anyway +1 for figuring out a way to get around this.
nvs doesn't support self-signed certificate out-of-the-box, nor does Node.js. User behind corporate MITM proxy should set the environment variable NODE_EXTRA_CA_CERTS
, see Node.js Doc. Maybe this should be mentioned somewhere in the doc.
In the .npmrc you enter the directive
strict-ssl=false
and npm disregards the certificates.
I tried this but I still have problems to download index. Does anybody knows why nvs isn't respecting .npmrc configuration?
When I try to run the nvs command and then choose nodes I am getting the below error. But when I open safari I am able to hit the https://nodejs.org/dist/index.json Url and get the son response of all the nodes versions.
SDS-S-VIGNESH-MAC:~ sds-s.vignesh$ nvs Failed to download index: https://nodejs.org/dist/index.json unable to verify the first certificate SDS-S-VIGNESH-MAC:~ sds-s.vignesh$
Googling the error it points to this stack overflow issue.. Seems to set something regarding certificate when making a get request using the request module. https://stackoverflow.com/questions/31673587/error-unable-to-verify-the-first-certificate-in-nodejs