Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Error: unable to verify the first certificate if using puppeteer_download_host #5378

Closed
ghenadiibatalski opened this issue Feb 3, 2020 · 9 comments
Closed

Error: unable to verify the first certificate if using puppeteer_download_host #5378

ghenadiibatalski opened this issue Feb 3, 2020 · 9 comments
Labels
unconfirmed

Comments

@ghenadiibatalski
Copy link

ghenadiibatalski commented Feb 3, 2020
edited
Loading

We have set up nexus proxy for caching chrome binaries. puppeteer_download_host is set to the desired repo (the url is reacheable by curl). But npm i --save-dev puppeteer causes:

Error: unable to verify the first certificate

Steps to reproduce

Tell us about your environment:

  • Puppeteer version: latest stable (i think)
  • Platform / OS version: wsl2 ubuntu 18.04
  • URLs (if applicable):
  • Node.js version: 12.14.1

What steps will reproduce the problem?

Please include code that reproduces the issue.

Please note, sass_binary_site works nice over the same nexus, because CA certificates are already installed into system CA store.

What is the expected result?
Correct download of binaries from internal nexus proxy

What happens instead?
While trying to isntall npm i --save-dev puppeteer i'm getting following exception:

> puppeteer@2.1.0 install /app/node_modules/puppeteer
> node install.js

ERROR: Failed to download Chromium r722234! Set "PUPPETEER_SKIP_CHROMIUM_DOWNLOAD" env variable to skip download.
Error: unable to verify the first certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1321:34)
    at TLSSocket.emit (events.js:223:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12)
  -- ASYNC --
    at BrowserFetcher.<anonymous> (/app/node_modules/puppeteer/lib/helper.js:111:15)
    at Object.<anonymous> (/app/node_modules/puppeteer/install.js:62:16)
    at Module._compile (internal/modules/cjs/loader.js:955:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:991:10)
    at Module.load (internal/modules/cjs/loader.js:811:32)
    at Function.Module._load (internal/modules/cjs/loader.js:723:14)
    at Function.Module.runMain (internal/modules/cjs/loader.js:1043:10)
    at internal/main/run_main_module.js:17:11 {
  code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
}
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! puppeteer@2.1.0 install: `node install.js`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the puppeteer@2.1.0 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
@Raafciu
Copy link

Raafciu commented Feb 7, 2020

What is your content of .npmrc file ?

@ghenadiibatalski
Copy link
Author

ghenadiibatalski commented Feb 7, 2020
edited
Loading

cat .npmrc:

registry=https://npm.blabla/
sass_binary_site=https://nexus.blabla/raw-repo
# puppeteer_download_host=https://nexus.blabla/raw-repo  # this won't work

cat ~/.npmrc

registry=https://npm.blabla
ca[]="-----BEGIN CERTIFICATE-----\nMIIFzzCCA7egAwIBAgITKQAAAALMFYdez5sXDAAAAAAAAjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtWMkzoO8shxVfLoT77kC2ELvLGf5ljkY7l\n-----END CERTIFICATE-----"
ca[]="-----BEGIN CERTIFICATE-----\nMIIF5DCCA8ygAwIBAgIQEJKfuNvauLNBjRx07VRjSjANBgkqhkiG9w0BAQsFADAWMRQwEgYDVQQDEwtWQkwtUk9PVC1DQTAeFw0xNjExMzAxMTExMjRaFw0zMjExMzAxMTIxMjJaMBYxFDASBgNVBAMTC1ZCTC1ST09ULUNBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIjx56e6NKjE9GHIDvnaPqyUIj0G2YpCGlETIJc9Lz5o7XJ7TTYYl84ZxyCX1CselQJmUDMBC7DYnCnpGQfjskCJaQWVV2Qp4N/zcU19uxY8KVrjp7SLEx1JiJkF\n-----END CERTIFICATE-----"

@daddydrac
Copy link

I am having same problem. Any solution to this?

@spearmootz
Copy link

me too

@alexandresalome
Copy link

I discovered that you can configure Node SSL checks at runtime by specifying an environment variable to the node binary:

NODE_TLS_REJECT_UNAUTHORIZED=0 node example.js

@stale
Copy link

stale bot commented Jun 23, 2022

We're marking this issue as unconfirmed because it has not had recent activity and we weren't able to confirm it yet. It will be closed if no further activity occurs within the next 30 days.

@stale stale bot added the unconfirmed label Jun 23, 2022
@stale
Copy link

stale bot commented Jul 25, 2022

We are closing this issue. If the issue still persists in the latest version of Puppeteer, please reopen the issue and update the description. We will try our best to accomodate it!

@stale stale bot closed this as completed Jul 25, 2022
@ghenadiibatalski
Copy link
Author

Same with current version ^19.0.0 : NODE_TLS_REJECT_UNAUTHORIZED=0 works, but it can not be a solution.

@prebm-kng
Copy link

If you are behind a corporate firewall you can set the path to a CA file including the certificates so you don't have to disable the certificate validation.

$ export NODE_EXTRA_CA_CERTS=[your CA certificate file path]

See https://stackoverflow.com/a/47160447

@kylon kylon mentioned this issue Dec 23, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
unconfirmed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@alexandresalome @daddydrac @spearmootz @ghenadiibatalski @Raafciu @prebm-kng