21

~ I'm using Node 10.9.0 and npm 6.2.0 ~

I have the following app running that allows me to make a request to the same site over http and over https.

var fetch = require('node-fetch')
const express = require('express')
const app = express()

//-- HTTP --
app.get('/test-no-ssl', function(req, res){
  fetch('http://jsonplaceholder.typicode.com/users')
  .then(res => res.json())
  .then(users => {
    res.send(users)
  }).catch(function(error) {
    res.send(error)
  })
})

//-- HTTPS --
app.get('/test-ssl', function(req, res){
  fetch('https://jsonplaceholder.typicode.com/users')
  .then(res => res.json())
  .then(users => {
    res.send(users)
  }).catch(function(error) {
    res.send(error)
  })
})

app.listen(3003, () => 
  console.log('Listening on port 3003...')
)

Both of these work fine on my local machine and return the JSON response that Typicode provides. But when I deploy these as a Node app on my web host (FastComet), I get the following results:

HTTP /test-no-ssl - Returns the JSON as expected

HTTPS /test-ssl - Returns the following error:

{ 
  "message" : "request to https://jsonplaceholder.typicode.com/users failed, reason: unable to get local issuer certificate",
  "type" : "system",
  "errno" : "UNABLE_TO_GET_ISSUER_CERT_LOCALLY",
  "code" : "UNABLE_TO_GET_ISSUER_CERT_LOCALLY"
}

I searched for this error and tried a couple of the usual fixes, but nothing has helped.

These didn't work:

npm config set registry http://registry.npmjs.org/

npm set strict-ssl=false

Has anyone else run into this on a shared hosting provider (that supports Node) and has been able to get this to work? Perhaps even someone who uses FastComet? The support staff of the host doesn't seem to know what to do either, so I'm at a loss.

Clifton Labrum
  • 13,053
  • 9
  • 65
  • 128

2 Answers2

40

Try using the following:

process.env["NODE_TLS_REJECT_UNAUTHORIZED"] = 0
omt66
  • 4,765
  • 1
  • 23
  • 21
  • 1
    Thank you! I should have updated my question as this was exactly what I needed when I fixed this a while back. In my code, it has object notation like this: `process.env.NODE_TLS_REJECT_UNAUTHORIZED = "0";` – Clifton Labrum Dec 11 '18 at 17:07
  • 1
    better use this workaround to make it more specific to the request, rather than open the doors for all requests. https://stackoverflow.com/a/59944400/8683679 – Ernst Zwingli May 05 '20 at 07:24
7

Hosting has probably some issue with list of certificate authorities... as a workaround you could try to ignore certificate validity.

const fetch = require('node-fetch')
const https = require('https')
const express = require('express')
const app = express()

const agent = new https.Agent({
  rejectUnauthorized: false
})

//-- HTTP --
app.get('/test-no-ssl', function(req, res){
  fetch('http://jsonplaceholder.typicode.com/users')
    .then(res => res.json())
    .then(users => {
      res.send(users)
    }).catch(function(error) {
    res.send(error)
  })
})

//-- HTTPS --
app.get('/test-ssl', function(req, res){
  fetch('https://jsonplaceholder.typicode.com/users', { agent })
    .then(res => res.json())
    .then(users => {
      res.send(users)
    }).catch(function(error) {
    res.send(error)
  })
})

app.listen(3003, () =>
  console.log('Listening on port 3003...')
)

Note: this has security implications, making https insecure the same way as http.

m1ch4ls
  • 3,317
  • 18
  • 31
  • I appreciate your response. I tried adding the `rejectUnauthorized` bit, and it didn't help. Oddly enough, if I use a node module called **curlrequest**, I can successfully make calls to the above `https` URL. So I guess there must be something funky going on with my web host where `curl` is allowed, but other `http` requests are not. ¯\\_(ツ)_/¯ – Clifton Labrum Aug 24 '18 at 16:28
  • Same here; curl works. I think there's a difference between the root certificates curl trusts vs which ones Node.js trusts. I would like to get more info on why Node.js can't make a request if curl can. – Rich Remer Feb 23 '21 at 18:07