nodejs / unofficial-builds

Unofficial binaries for Node.js
https://unofficial-builds.nodejs.org

SSL Certificate is Expired #45

Closed gxldCptRick closed 2 years ago

gxldCptRick commented 2 years ago

Hi, I am reaching out since one of my dependencies is using the build you maintain, and it looks like the SSL certificate has expired.

richardlau commented 2 years ago

Which URL are you trying to download? https://unofficial-builds.nodejs.org/ is on a rolling Let's Encrypt certificate. It's possible there is some fallout from the expired DST Root CA X3 (https://community.letsencrypt.org/t/help-thread-for-dst-root-ca-x3-expiration-september-2021/149190) but AFAICT from accessing the site via Firefox our certificate is chaining to the ISRG Root X1 replacement.

ldigiuseppe commented 2 years ago

Hi @richardlau I have a project that is failing regarding an invalid certificate, if you take for example this link: https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz

I am getting a stack Error: certificate has expired error. Try this: curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'

richardlau commented 2 years ago

> I am getting a stack Error: certificate has expired error. Try this: curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'

@ldigiuseppe I'm confused. Your example and screenshot show that the certificate is valid and hasn't expired.

gxldCptRick commented 2 years ago

I think you are right @richardlau because I keep getting the same error every time my CI runs.

richardlau commented 2 years ago

> I think you are right @richardlau because I keep getting the same error every time my CI runs.

Oh you're using Node.js 8 in your CI? That probably will be broken -- it uses openssl 1.0.2 and that prefers the broken certification chain (https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/).
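
Added example, not part of the original thread or of the project's code: the curl output discussed above reports only the leaf certificate's dates, while the comment above attributes the Node.js 8 failure to the chain. This sketch walks a chain in the shape returned by Node's `tls.TLSSocket.getPeerCertificate(true)` and names the link that is outside its validity window. `auditChain`, `diagnose`, `mk` and the sample chain are constructed for illustration.

```javascript
// Added example. Input shape assumed: tls.TLSSocket#getPeerCertificate(true),
// where each certificate links to its issuer through `issuerCertificate`
// and a self-signed root links to itself.
function auditChain(leaf, now = new Date()) {
  const report = [];
  const seen = new Set();
  let depth = 0;
  for (let cert = leaf; cert && !seen.has(cert); cert = cert.issuerCertificate) {
    seen.add(cert); // a self-referencing root ends the walk
    const notBefore = new Date(cert.valid_from);
    const notAfter = new Date(cert.valid_to);
    let status = 'valid';
    if (Number.isNaN(notBefore.getTime()) || Number.isNaN(notAfter.getTime())) {
      status = 'unparseable';
    } else if (now < notBefore) {
      status = 'not-yet-valid';
    } else if (now > notAfter) {
      status = 'expired';
    }
    report.push({ depth: depth++, subject: cert.subject.CN, issuer: cert.issuer.CN, status });
  }
  return report;
}

// Tells a leaf problem (the server must renew) apart from an issuer problem
// (look at the chain being served and at the client's trust store).
function diagnose(leaf, now = new Date()) {
  const bad = auditChain(leaf, now).find((c) => c.status !== 'valid');
  if (!bad) return 'chain-ok';
  return (bad.depth === 0 ? 'leaf-' : 'issuer-') + bad.status + ':' + bad.subject;
}

// Constructed sample chain; names and dates are illustrative, not captured output.
const mk = (cn, issuerCn, from, to, issuerCertificate) => ({
  subject: { CN: cn }, issuer: { CN: issuerCn }, valid_from: from, valid_to: to, issuerCertificate,
});
const dstRoot = mk('DST Root CA X3', 'DST Root CA X3', 'Sep 30 21:12:19 2000 GMT', 'Sep 30 14:01:15 2021 GMT');
dstRoot.issuerCertificate = dstRoot;
const crossSigned = mk('ISRG Root X1', 'DST Root CA X3', 'Jan 20 19:14:03 2021 GMT', 'Sep 30 18:14:03 2024 GMT', dstRoot);
const intermediate = mk('R3', 'ISRG Root X1', 'Sep 04 00:00:00 2020 GMT', 'Sep 15 16:00:00 2025 GMT', crossSigned);
const sampleLeaf = mk('unofficial-builds.nodejs.org', 'R3', 'Sep 20 00:00:00 2021 GMT', 'Dec 19 00:00:00 2021 GMT', intermediate);

console.log(diagnose(sampleLeaf, new Date('2021-10-05T00:00:00Z')));
```

A result starting with `issuer-` while the leaf is valid matches the situation in this thread: the server's own certificate is current, and the expired link sits higher in the chain the client chose to build.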

ldigiuseppe commented 2 years ago

> > I am getting a stack Error: certificate has expired error. Try this: curl --insecure -vvI https://unofficial-builds.nodejs.org/download/release/v8.16.2/node-v8.16.2-headers.tar.gz 2>&1 | awk 'BEGIN { cert=0 } /^\* SSL connection/ { cert=1 } /^\*/ { if (cert) print }'

> @ldigiuseppe I'm confused. Your example and screenshot show that the certificate is valid and hasn't expired.

Sorry, you are right, read it wrong yesterday. But I am getting the same issue as @gxldCptRick.

For now, we found a temporary workaround, adding this variable ENV NODE_TLS_REJECT_UNAUTHORIZED=0, but it sounds a bit risky and it's just temporary.