Error "certificate has expired"

[MelyHC]

Al ejecutar un modulo que depende de node-fetch encontre este error de autenticación.

[luispaulorsl]

This is not an issue.
The TLS/SSL certificate from the server you fetch has actually expired.
Use .catch() to handle the Error.

[MelyHC]

Gracias por la aclaración, lo había intentado colocando un catch pero sali ese error, pero al ver tu respuesta y volverlo a intentar salio, errores, que pasan

[PierBover]

I'm having this error in an Electron app using node-fetch and I know for certain the certificate has not expired. It's a Heroku app with a Let's Encrypt certificate that expires on November 2, 2019.

It only happens to some users so I'm guessing Node or node-fetch is not renewing the certificate...

Any idea what might be happening?

[Richienb]

@PierBover If you're using Electron, wouldn't the fetch API be natively supported in the browser window?

[PierBover]

@Richienb yes but in this case I need to do the request in the Node part since this involves working with the filestystem.

[PierBover]

Apparently the default config on the HTTPS agent is to cache 100 TLS sessions:

https://nodejs.org/api/https.html#https_class_https_agent

I will try passing a custom agent to node-fetch and see if that fixes it.

Edit:

No, that didn't work.

I created an agent without SSL caching and passed it to node-fectch:

const agent = new https.Agent({
	maxCachedSessions: 0
});

const headers = {
	'Authorization': 'Bearer ' + token
};

const options = {
	headers,
	agent
}

const response = await fetch('/endpoint', options);

The only thing that fixes it is using this insecure hack:

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;

Edit 2:

So we've tried with the request library and the native https client from Node with the same problem so I think it's safe to say the issue is not in node-fetch. Sorry for the noise.

[promatik]

Hi @PierBover did you find out the issue?
I'm having that issue right now. Don't know why, the certificate was renews 2 weeks ago, and lasts for almost more 3 months.

And I'm having a failed, reason: certificate has expired.

[pigochu]

Hi @PierBover did you find out the issue? I'm having that issue right now. Don't know why, the certificate was renews 2 weeks ago, and lasts for almost more 3 months.

And I'm having a failed, reason: certificate has expired.

@promatik

Me too , are u using let's encrypt ?

[vineet-celebrate]

We were facing the same issue. Did the following as a quick fix:

const https = require("https");

// custom agent as global variable
const agent = new https.Agent({
  rejectUnauthorized: false,
});
// node-fetch request with custom agent
const response = await fetch(config.get('url'),
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: `data=${JSON.stringify(payload)}`,
  agent,
});

[promatik]

Hi @pigochu yes, I'm using let's encrypt.
I had to disable TLS validation in the mean time, until I find a proper solution 😕

This started to happen all of the sudden.

process.env.NODE_TLS_REJECT_UNAUTHORIZED = 0;

Note this should NOT be done, this is a temporary fix.

[PierBover]

Sorry guys, I don't remember how I solved that and don't have access to the repo anymore.

[promatik]

For anyone arriving here with a certificate has expired. error, Electron v15.1.0 was just released, and it fixed my issue.
They merged Fixed Let's Encrypt DST Root CA X3 certificate expiration.

Thank you Luca for the help ✌

[Trysystems]

The same error.

[Araxeus]

For anyone arriving here with a certificate has expired. error, Electron v15.1.0 was just released, and it fixed my issue. They merged Fixed Let's Encrypt DST Root CA X3 certificate expiration.

Thank you Luca for the help ✌

They backported the fix to 12.2.1, 13.5.1, 14.1.0, 15.1.0, and 16 beta

[dmdum]

We were facing the same issue. Did the following as a quick fix:

const https = require("https");

// custom agent as global variable
const agent = new https.Agent({
  rejectUnauthorized: false,
});
// node-fetch request with custom agent
const response = await fetch(config.get('url'),
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: `data=${JSON.stringify(payload)}`,
  agent,
});

This worked for me. Should this be a temporary solution?

[kanishkab1]

We were facing the same issue. Did the following as a quick fix:

const https = require("https");

// custom agent as global variable
const agent = new https.Agent({
  rejectUnauthorized: false,
});
// node-fetch request with custom agent
const response = await fetch(config.get('url'),
  method: 'POST',
  headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
  body: `data=${JSON.stringify(payload)}`,
  agent,
});

This worked for me. Should this be a temporary solution?

Can anyone tell me whether this solution is legal for a production level node.js application, or it is not applicable?

[ViliusZur]

@kanishkab1 It probably depends on what kind of product you are building. If it's something that is heavily regulated - there might be legal consequences. You should never use this in production anyways, as it leaves you vulnerable for man in the middle attacks.