40

I'm getting the below error while doing server-side rendering.

RENDERING ERROR: { [Error: Network error: request to https://api-dev.xyz.io/graphql failed, reason: Hostname/IP doesn't match certificate's altnames: "Host: localhost. is not in the cert's altnames: DNS:*.xyz.io"]
  graphQLErrors: null,
  networkError: 
   { [FetchError: request to https://api-dev.xyz.io/graphql failed, reason: Hostname/IP doesn't match certificate's altnames: "Host: localhost. is not in the cert's altnames: DNS:*.xyz.io"]
     name: 'FetchError',
     message: 'request to https://api-dev.xyz.io/graphql failed, reason: Hostname/IP doesn\'t match certificate\'s altnames: "Host: localhost. is not in the cert\'s altnames: DNS:*.xyz.io"',
     type: 'system',
     errno: undefined,
     code: undefined },
  message: 'Network error: request to https://api-dev.xyz.io/graphql failed, reason: Hostname/IP doesn\'t match certificate\'s altnames: "Host: localhost. is not in the cert\'s altnames: DNS:*.xyz.io"',
  extraInfo: undefined }

Note:- I'm using react, redux, apollo-client(GraphQL) and ExpressJS(NodeJS). The API server to which I'm making the request is on another domain and I can't make any change on that.

While working with client-side rendering I'm not facing any difficulties everything is working as intended but while doing server-side render I'm getting the above error.

So I tried the below approaches on my server but still no luck.

  1. Adding self-signed certificate

  2. Adding 'rejectUnauthorized':false in https options.

    const options = {
  'key': key,
  'cert': cert,
  'ca': [ fs.readFileSync('local-certificate.pem') ],
  'rejectUnauthorized':false
};

https.createServer(options, app).listen(httpsPort, '0.0.0.0', function onStart(err) {
  if (err) { console.log(err); }
  console.info('==> Listening on httpsPort %s. Open up http://0.0.0.0:%s/ in your browser.', httpsPort, options);
});

  3. Also I tried to add an alt name in my self-signed certificate with the help of How can I generate a self-signed certificate with SubjectAltName using OpenSSL?

Is there any way to bypass certificate verification so that my express server can make a request to the API server which is on another domain with a valid certificate?

I'm still a bit unsure whether I can fix it by making any changes at my end (on my express server).

Please let me know any insights on this.

Tridib Dawn
  • 168
  • 1
  • 11
manish keer
  • 1,847
  • 3
  • 17
  • 25
  • Does this help? https://stackoverflow.com/a/21961005/4274918 – aravindanve Dec 06 '18 at 00:21
  • I did have this exact same problem and I migrated from apollo-boost here is the link: https://www.apollographql.com/docs/react/migrating/boost-migration/ and it worked – ismatim Dec 15 '19 at 18:39
  • I'm having the same problem. Did you manage to find the solution? – lumenwrites Jun 27 '21 at 07:38
  • I suggest that you rephrase/explain your question better. Use a diagram if possible to explain the servers/clients part. You can create a certificate, you can edit hosts file, but before I give an answer I need to better understand your question. – Daggie Blanqx - Douglas Mwangi Oct 29 '21 at 00:18

4 Answers4

1

The error is not caused by the code you have in your question.

What you are doing is that you are creating a new HTTP server, that will listen to httpsPort and will bind to 0.0.0.0 which means all local IP addresses.

I suggest you omit 0.0.0.0 when binding to all local IP addresses since this is the default behavior anyway, but this is not a problem.

Then you are assigning this server the certificate local-certificate.pem which means that clients connecting to this server will be presented this certificate.

You are not connecting to any external APIs in this part of the code.

mmomtchev
  • 2,497
  • 1
  • 8
  • 23
1

I believe Michael Landis was trying to get this point across, but didn't quite provide the solution. If your service is running on locally on 192.168.100.100, then this needs to be in your hosts file (e.g. /etc/hosts on linux):

192.168.100.100 api-dev.xyz.io

The request that's currently failing needs to be made to api-dev.xyz.io, even during SSR. It's much easier to avoid the requests to "http[s]://localhost/...".

Brandon Lee Detty
  • 266
  • 1
  • 5
0

The error message is stating that the server at https://api-dev.xyz.io/graphql believes that the incoming request is being directed to https://localhost/graphql. Therefore, it is failing because the SSL certificate is not securing https://localhost/.

Could your server-side rendering be trying to perform a fetch/API call to the same server that is doing the server-side rendering to load initial data for the render? If so, could the initial data that the client needs from the API be passed to the server-side rendering directly instead of React trying to perform an API call to itself in the server-side render?

Perhaps this tutorial could be used as an example reference.

Sators
  • 2,746
  • 1
  • 20
  • 26
-2

The host name is a system-level setting below NodeJS. You'll need to have access to the the box/VM your copy of NodeJS is running on.

Michael Landis
  • 1,074
  • 7
  • 12