gatsby/devcert https fails: Error: "localhost" is not a valid domain name

[ngmgit]

Description

Running gatsby develop -S throws the below error.
Also found that devcert might be the reason why it fails. davewasmer/devcert#56

> xxx-abc-xyz@0.5.3 develop /home/xxxx/project 
> gatsby develop --https  

info setting up automatic SSL certificate (may require elevated permissions/sudo) 

 ERROR #11522
 
Failed to generate dev SSL certificate  

See our docs page for more info on this error: https://www.gatsbyjs.org/docs/local-https/#setup

  Error: "localhost" is not a valid domain name.  
  
  - index.js:36                
    [auth]/[devcert]/dist/index.js:36:19 
    
  - Generator.next       
  
  - tslib.js:115  
    [auth]/[tslib]/tslib.js:115:75  
    
  - new Promise 
  
  - tslib.js:111 Object.__awaiter
    [auth]/[tslib]/tslib.js:111:16

  - index.js:34 certificateFor
    [auth]/[devcert]/dist/index.js:34:20

  - get-ssl-cert.js:80 module.exports
    [auth]/[gatsby]/dist/utils/get-ssl-cert.js:80:15

  - develop.js:157 module.exports
    [auth]/[gatsby]/dist/commands/develop.js:157:49

  - next_tick.js:81 processTicksAndRejections
    internal/process/next_tick.js:81:5

  - next_tick.js:51 process.runNextTicks [as _tickCallback]
    internal/process/next_tick.js:51:3

Steps to reproduce

Any version of gatsby >= 2.19.0 fails when the cmd gatsby develop --https is run.

Expected result

Run gatsby develop --https without any error and the https endpoint should be accessible.

Actual result

Fails with the above error.

Environment

  System:
    OS: Linux 5.3 Ubuntu 18.04.4 LTS (Bionic Beaver)
    CPU: (8) x64 Intel(R) Core(TM) i5-8300H CPU @ 2.30GHz
    Shell: 4.4.20 - /bin/bash
  Binaries:
    Node: 11.11.0 - ~/.nvm/versions/node/v11.11.0/bin/node
    Yarn: 1.22.4 - /usr/bin/yarn
    npm: 6.7.0 - ~/.nvm/versions/node/v11.11.0/bin/npm
  Languages:
    Python: 2.7.17 - /usr/bin/python
  Browsers:
    Chrome: 83.0.4103.97
    Firefox: 77.0.1
  npmPackages:
    gatsby: ^2.22.19 => 2.23.3
    gatsby-plugin-react-helmet: ^3.1.16 => 3.1.22
    gatsby-source-filesystem: ^2.1.40 => 2.1.48
  npmGlobalPackages:
    gatsby-cli: 2.12.45

[ngmgit]

Also for now the solution to use latest gatsby and avoid the issue is to provide the cert and key files using flags this skips devcert. Atleast for me it works and doesn't halt my work.

[Js-Brecht]

See davewasmer/devcert#57

[ascorbic]

Closing as this seems to be a devcert issue that should hopefuly be fixed soon

[Js-Brecht]

For anyone coming to this later, you can also pin devcert to v1.1.0. The issue was introduced in v1.1.1

[JustFly1984]

@ascorbic please reopen, @Js-Brecht pinning devcert to 1.1.0 helped to fix running gatsby develop -S locally, but in Github actions linux ubuntu 18 it still fails with error:

while running clean install (with removing yarn.lock, .cache and node_modules I see warning from devcert:

warning devcert@1.1.0: secuurity vulnerability fixed in v1.1.1

rverting gatsby back to 2.23.2 does not help too.

[ascorbic]

That still sounds like a devcert error, rather than a problem with Gatsby

[Js-Brecht]

@JustFly1984 that is a devcert issue, but one unrelated to this one. If libnss is not installed, then it will attempt to install it for you. It is either trying to install the wrong library for Ubuntu 18, or the CI doesn’t have the correct apt sources.

devcert doesn’t really support CI/CD... it’s going to require too much intervention. I guess one way would be to disable the automatic setup of libnss... it’s only going to be needed for browsers anyway, and you probably won’t be running a browser in CI. That should be done from Gatsby; it could use either a new CLI parameter, or watch for process.env.CI to change that configuration parameter when calling devcert. That particular parameter is here:

gatsby/packages/gatsby/src/utils/get-ssl-cert.js

Line 77 in b955504

skipCertutilInstall: false,

However, all that aside, I still don’t think I’d recommend running devcert in CI/CD. I’m not even sure why you’d run gatsby develop at all in CI/CD.

---

You will see the warning about the security vulnerability; no way around that. It’s a feature of the package manager. Version 1.1.1 fixed a potential remote execution exploit, so a warning was placed on 1.1.0... but that’s not really something you would need to worry about when running gatsby develop. It’s something you’d need to worry about if you’re running devcert in production.

[JustFly1984]

@Js-Brecht we are running gatsby develop -S, cos it is faster than running gatsby build and run webserver to run it with cypress. Currently cypress silently running with dev server with gatsby@2.23.4. devcert rolled back to 1.1.0, and we are installing libnss into github actions ubuntu docker

[lalasmuathasim]

I also faced the same issue the steps I did to rectify this are

1 - Created a certificate and key using OpenSSL (For windows machine - https://helpcenter.gsx.com/hc/en-us/articles/115015960428-How-to-Generate-a-Self-Signed-Certificate-and-Private-Key-using-OpenSSL) - The steps will be different for Mac and Linux but the Idea might be same

2 - Copy the Certificate and Key file to the project folder

3 - Then run the command yarn dev -S --key-file ./privateKey.key --cert-file ./certificate.crt

[outaTiME]

Same here on mac 😢 workaround ?

[lalasmuathasim]

Same here on mac 😢 workaround ?

Have you tried creating pivatekey and certificate then running yarn dev -S --key-file ./privateKey.key --cert-file ./certificate.crt

[Js-Brecht]

For anybody that wants to use their own self-signed certificate to workaround this issue, there’s been several methods described in #14490. For example, see my comment here. Shouldn’t need the NODE_EXTRA_CA_CERTS environment variable anymore, though. That’s been fixed.

Another way was using mkcert, in the comment above mine.

An easier workaround is to add a resolution in your package.json for ”devcert”: “1.1.0”.

{
  "resolutions": {
    "devcert": "1.1.0"
  }
}

Only works with Yarn. For PNPM, you’d need to use hooks.readPackage. There’s not really an easy way with npm to add a resolution like that

[outaTiME]

awesome @Js-Brecht the resolutions works as expected with yarn 👍

[Js-Brecht]

devcert version 1.1.2 is published. It should fix this issue.

[marcustisater]

I am still running into this problem with Gatsby 2.32 and devcert 1.1.3 running ubuntu-latest. Did anyone confirm it's working?

[NoahDavidATL]

Getting this issue with Gatsby 4.13.1

[Js-Brecht]

@NoahDavidATL a new version of devcert was released a couple of days ago, which introduced this issue. You may want to open a new ticket. This could be fixed by pinning the devcert version to 1.2.0

davewasmer/devcert#79
davewasmer/devcert#83

[martinszajt]

Hey.

As @Js-Brecht said, the error was re-introduced on version 1.21.

I was able to fix this issue by pinning devcert to 1.2.0. You can add these lines before the closing tag on your package.json.

  "overrides": {
    "gatsby": {
      "devcert": "1.2.0"
    }
  }