SSL Error: CERT_UNTRUSTED while using npm command

Question

I am trying to install express framework using npm command but getting following error.

error message is

E:\myFindings\nodejs_programs\node>npm install -g express
npm http GET https://registry.npmjs.org/express
npm ERR! Error: SSL Error: CERT_UNTRUSTED
npm ERR!     at ClientRequest.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\request\main.js:409:26)
npm ERR!     at ClientRequest.g (events.js:185:14)
npm ERR!     at ClientRequest.EventEmitter.emit (events.js:88:17)
npm ERR!     at HTTPParser.parserOnIncomingClient [as onIncoming] (http.js:1445:7)
npm ERR!     at HTTPParser.parserOnHeadersComplete [as onHeadersComplete] (http.js:111:23)
npm ERR!     at CleartextStream.socketOnData [as ondata] (http.js:1356:20)
npm ERR!     at CleartextStream.CryptoStream._push (tls.js:396:27)
npm ERR!     at SecurePair.cycle (tls.js:751:20)
npm ERR!     at EncryptedStream.CryptoStream.write (tls.js:131:13)
npm ERR!     at Socket.ondata (stream.js:38:26)
npm ERR!  [Error: SSL Error: CERT_UNTRUSTED]
npm ERR! You may report this log at:
npm ERR!     <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR!     <npm-@googlegroups.com>

npm ERR! System Windows_NT 6.1.7601
npm ERR! command "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "-g" "express"
npm ERR! cwd E:\myFindings\nodejs_programs\node
npm ERR! node -v v0.8.0
npm ERR! npm -v 1.1.32
npm ERR! message SSL Error: CERT_UNTRUSTED
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR!     E:\myFindings\nodejs_programs\node\npm-debug.log
npm ERR! not ok code 0

help me to sort out

score 341 · Answer 1 · edited Dec 12 '14 at 00:40

341

You can bypass https using below commands:

npm config set strict-ssl false

or set the registry URL from https or http like below:

npm config set registry="http://registry.npmjs.org/"

However, Personally I believe bypassing https is not the real solution, but we can use it as a workaround.

edited Dec 12 '14 at 00:40

a paid nerd

30,702
30
134
179

answered Mar 20 '14 at 07:19

ramesh.mimit

9,445
4
21
23

14

Somewhat unsafe, but nice real world solution. – Bernard Saucier Jan 07 '16 at 15:06
2

Is it possible to remove bypass option once we used above command. If yes how we can remove bypass option? – rash111 Feb 26 '16 at 14:37
1

@rash111 I assume setting it to true should work: ```npm config set strict-ssl true``` – Gromer Mar 28 '16 at 21:19
12

"nice real world solution"... This is not nice at all, unless you like being hacked. – trusktr Aug 18 '18 at 00:10
1

Thanks! This is also necessary when using npm in a VirtualBox VM running Ubuntu 14.04. This is the only way to fix the CERT error, it comes even when the registry is configured to `"http://registry.npmjs.org/"` which is the default. – Prahlad Yeri Jul 15 '19 at 11:17
npm config set strict-ssl false = definitely not safe – Vandolph Reyes Apr 02 '20 at 10:39

score 54 · Answer 2 · edited Mar 13 '14 at 17:01

54

npm ERR! node -v v0.8.0
npm ERR! npm -v 1.1.32

Update your node.js installation.The following commands should do it (from here):

sudo npm cache clean -f
sudo npm install -g n
sudo n stable

Edit: okay, if you really have a good reason to run an ancient version of the software, npm set ca null will fix the issue. It happened, because built-in npm certificate has expired over the years.

edited Mar 13 '14 at 17:01

Jonathan Stray

2,708
2
26
32

answered Feb 19 '14 at 08:49

alex

11,935
3
30
42

3

I am currently using above two version, what is your point,I could not understand – Sudip7 Feb 19 '14 at 11:57
1

My point is: those versions are ancient, and built-in npm certificates in those are all expired already. If you install recent versions, they'll work. – alex Feb 19 '14 at 11:59
1

I tried to install the latest version and got some problem during installation. Someone in the SO suggested me to install the above version, it was installed properly, but now npm is not working. I am giving you link to my previous question http://stackoverflow.com/questions/21850871/trouble-in-installing-nodejs-using-node-v0-10-25-x86-msi – Sudip7 Feb 19 '14 at 12:07
1

okay, run `npm set ca null`, and your version will probably work. But you're running a very old piece of software, just saying. – alex Feb 19 '14 at 12:22
1

then how to upgrade to the current version in windows – Sudip7 Feb 19 '14 at 12:26
1

worked like a charm, thanks! I prefer this over bypassing https. Imo this should be marked as the correct answer. – smets.kevin Jan 27 '15 at 18:51
24

I found that running `sudo npm cache clean -f` then `sudo npm install -g n` gives a CERT_UNTRUSTED error after the second command. – fuzzi Apr 11 '18 at 20:17
2

According to the referenced link: "This method of upgrading node is now unstable and should not be used. The best way to manage Node.js versions is to use [NVM: Node Version Management.](https://davidwalsh.name/nvm)!" – chus Dec 17 '18 at 16:36

score 22 · Answer 3 · edited Dec 17 '18 at 21:03

22

I had same problem and finally I understood that my node version is old. For example, you can install the current active LTS node version in Ubuntu by the following steps:

sudo apt-get update
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install nodejs -y

Installation instructions for more versions and systems can be found in the following link:

https://github.com/nodesource/distributions/blob/master/README.md

edited Dec 17 '18 at 21:03

chus

1,577
15
25

answered Nov 05 '18 at 16:22

majran

469
5
13

Worked on Ubuntu 14. – Vignesh Chinnaiyan Jul 09 '19 at 08:42

score 9 · Accepted Answer · answered Apr 25 '14 at 13:04

9

I think I got the reason for the above error. It is the corporate proxy(virtual private network) provided in order to work in the client network. Without that connection I frequently faced the same problem be it maven build or npm install.

answered Apr 25 '14 at 13:04

Sudip7

2,384
3
27
35

score 5 · Answer 5 · answered Feb 18 '14 at 19:59

5

If you're behind a corporate proxy, try this setting for npm with your company's proxy:

npm --https-proxy=http://proxy.company.com install express -g

answered Feb 18 '14 at 19:59

Michael Oakley

383
3
5

3

If you work in a large organization it's common to have a proxy server between you and the internet. Sometimes it causes this issue. (It did for me) One possible test for this would be to take the computer off the network and npm install express from home. – Michael Oakley Feb 19 '14 at 15:02
Michael - I tried disconnecting from our corporate VPN and still got the same error. – Francisco d'Anconia Jul 28 '21 at 14:14

score 2 · Answer 6 · edited Jun 20 '20 at 09:12

Since i stumbled on the post via google:

Try using npm ci it will be much than an npm install.

From the manual:

In short, the main differences between using npm install and npm ci are:

The project must have an existing package-lock.json or npm-shrinkwrap.json.

If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.

npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.

If a node_modules is already present, it will be automatically removed before npm ci begins its install.

It will never write to package.json or any of the package-locks: installs are essentially frozen.

How does this address the SSL issue? – Matthew Read Jun 29 '22 at 21:48 — Matthew Read, Jun 29 '22 at 21:48

score 2 · Answer 7 · answered Oct 15 '19 at 12:27

2

Reinstall node, then update npm.

First I removed node

apt-get purge node

Then install node according to the distibution. Docs here .

Then

npm install npm@latest -g

answered Oct 15 '19 at 12:27

jplattus

281
3
11

score 1 · Answer 8 · answered Oct 14 '22 at 17:34

1

Only recommended if you are running a very old version of node/npm where the certificates have expired or been replaced,

first run npm set ca null

then do your npm install

answered Oct 14 '22 at 17:34

Eat at Joes

4,937
1
40
40

This fixed my localhost. – JPortillo Mar 15 '23 at 19:40

SSL Error: CERT_UNTRUSTED while using npm command

8 Answers8

Linked