Closed gxldCptRick closed 2 years ago
Which URL are you trying to download? https://unofficial-builds.nodejs.org/ is on a rolling Let's Encrypt certificate. It's possible there is some fall out from the expired DST Root CA X3 (https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190) but AFAICT from accessing the site via FireFox our certificate is chaining to the ISRG Root X1 replacement.
Hi @richardlau I have a project that is failing regarding an invalid certificate, if you take for example this link: https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz
I am getting a stack Error: certificate has expired
error.
Try this:
curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
I am getting a
stack Error: certificate has expired
error. Try this:curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
@ldigiuseppe I'm confused. Your example and screenshot show that the certificate is valid and hasn't expired.
I think you are right @richardlau because I keep getting the same error everytime my CI runs.
I think you are right @richardlau because I keep getting the same error everytime my CI runs.
Oh you're using Node.js 8 in your CI? That probably will be broken -- it uses openssl 1.0.2 and that prefers the broken certification chain (https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/).
I am getting a
stack Error: certificate has expired
error. Try this:curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'
@ldigiuseppe I'm confused. Your example and screenshot show that the certificate is valid and hasn't expired.
Sorry, you are right, read it wrong yesterday. But I am getting the same issue as @gxldCptRick .
For now, we found a temporary workaround, adding this variable ENV NODE_TLS_REJECT_UNAUTHORIZED=0
but it sounds a bit risky and it's just temporary
Hi I am reaching out since one of my dependencies are using the build you maintain and it looks like the SSL certificate has expired.