SSL Error: CERT_UNTRUSTED on dotCloud - node.js

I'm seeing the following error when deploying a Node.js service on dotCloud:
23:03:59.958870: [www] npm ERR! Error: SSL Error: CERT_UNTRUSTED
23:03:59.959405: [www] npm ERR! at ClientRequest.<anonymous> (/opt/node/v0.8.3/lib/node_modules/npm/node_modules/request/main.js:440:26)
23:03:59.959736: [www] npm ERR! at ClientRequest.g (events.js:185:14)
23:03:59.960068: [www] npm ERR! at ClientRequest.EventEmitter.emit (events.js:88:17)
23:03:59.960399: [www] npm ERR! at HTTPParser.parserOnIncomingClient [as onIncoming] (http.js:1445:7)
23:03:59.968852: [www] npm ERR! at HTTPParser.parserOnHeadersComplete [as onHeadersComplete] (http.js:111:23)
23:03:59.969361: [www] npm ERR! at CleartextStream.socketOnData [as ondata] (http.js:1356:20)
23:03:59.969696: [www] npm ERR! at CleartextStream.CryptoStream._push (tls.js:396:27)
23:03:59.970028: [www] npm ERR! at SecurePair.cycle (tls.js:750:20)
23:03:59.970359: [www] npm ERR! at EncryptedStream.CryptoStream.write (tls.js:131:13)
23:03:59.970694: [www] npm ERR! at Socket.ondata (stream.js:38:26)
23:03:59.971012: [www] npm ERR! If you need help, you may report this log at:
23:03:59.971299: [www] npm ERR! <http://github.com/isaacs/npm/issues>
23:03:59.971587: [www] npm ERR! or email it to:
23:03:59.971876: [www] npm ERR! <npm-#googlegroups.com>
23:03:59.972208: [www]
23:03:59.972543: [www] npm ERR! System Linux 2.6.38.2-grsec-dotcloud-ec2
23:03:59.972852: [www] npm ERR! command "node" "/opt/node/default/bin/npm" "install"
23:03:59.973251: [www] npm ERR! cwd /home/dotcloud/rsync-1388703750593/app
23:03:59.973584: [www] npm ERR! node -v v0.8.3
23:03:59.973914: [www] npm ERR! npm -v 1.1.44
23:04:00.331100: [www] npm ERR!
23:04:00.331630: [www] npm ERR! Additional logging details can be found in:
23:04:00.331955: [www] npm ERR! /home/dotcloud/rsync-1388703750593/app/npm-debug.log
23:04:00.332280: [www] npm ERR! not ok code 0
23:04:01.058860: [www] -- Build failed: "npm install" failed with return code 1

Either update your node/npm (preferred), or run npm config set ca null.
They changed certificate at npmjs.org recently because old one is expired, but your npm has old one hardcoded into it.
PS: setting strict-ssl to false is an extremely bad idea, unless you know what are you doing.

I found the following SO question that seems to suggest some of the npm packages might be using self-signed certificates, causing the error. It seems like the root fix should be with the package itself, using a registered certificate. However, as a workaround for dotCloud, you could use a pre-build hook to run the following command npm config set strict-ssl false which seemed to work in my testing.
To use this approach you'd do the following:
1) add a prebuild directive to your dotcloud.yml file. Your dotcloud yml file might look like the following:
www:
type: nodejs
approot: app
processes:
app: node app.js
config:
node_version: v0.8.x
prebuild: ./prebuild.sh # <-- prebuild directive
redis:
type: redis
2) add the prebuild.sh file to whereever your application root is. If you don't use an app root, this is just the root of your project.
3) add the following to your prebuild.sh file
#!/bin/bash
npm config set strict-ssl false

According to the npm blog, the preferred solution is to re-install npm like this:
#!/bin/bash
set -e
npm install npm#">1.4.0" -g --ca=null
That will also work on the dotCloud platform. You can use that snippet as your prebuild.sh script and then the rest of your packages should install fine. The #">1.4.0" syntax just makes it so once you have a new enough version installed, you don't keep updating unnecessarily. If you want something newer, feel free to change it. If you always want the latest version of npm, feel free to remove #">1.4.0" altogether.

Related

npm not installing packages even after proxy is set

I am trying to set up a node js based application in one of our lab servers where connectivity to internet is achieved via a proxy. The box is running Ubuntu 13.10. I have configured the network proxy and I am able to connect to internet through Firefox. For apt-get, I have configured the proxy in /etc/apt/apt.conf. This is also working.
After installing node js, when I try to do npm install -g <package> it's giving me errors. I have configured the proxy for npm too. My .npmrc looks like this: (my proxy does not require userid/password).
registry = http://registry.npmjs.org/
proxy = http://<domain>:8080/
https-proxy = http://<domain>:8080
I have tried various options found in forums, but none seems to work for me. (Like setting strict-ssl to false, using --without-ssl --insecure option etc.)
This is the error I am getting currently:
npm http GET http://registry.npmjs.org/express
npm http GET http://registry.npmjs.org/express
npm http GET http://registry.npmjs.org/express
npm ERR! Error: connect ECONNREFUSED
npm ERR! at errnoException (net.js:904:11)
npm ERR! at Object.afterConnect [as oncomplete] (net.js:895:19)
npm ERR! { [Error: connect ECONNREFUSED]
npm ERR! code: 'ECONNREFUSED',
npm ERR! errno: 'ECONNREFUSED',
npm ERR! syscall: 'connect' }
npm ERR!
npm ERR! If you are behind a proxy, please make sure that the
npm ERR! 'proxy' config is set properly. See: 'npm help config'
npm ERR! System Linux 3.11.0-12-generic
npm ERR! command "/home/<user>/apps/node-v0.10.26-linux-x86/bin/node" "/home/<user>/apps/node-v0.10.26-linux-x86/bin/npm" "install" "-g" "express"
npm ERR! cwd /home/<user>
npm ERR! node -v v0.10.26
npm ERR! npm -v 1.4.3
npm ERR! syscall connect
npm ERR! code ECONNREFUSED
npm ERR! errno ECONNREFUSED
npm ERR! stack Error: connect ECONNREFUSED
npm ERR! stack at errnoException (net.js:904:11)
npm ERR! stack at Object.afterConnect [as oncomplete] (net.js:895:19)
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /home/<user>/npm-debug.log
npm ERR! not ok code 0
Any idea, what's going wrong here? I'm stuck with this darn thing for the day ;-(
Thanks!
I haven't been able to get a resolution for this issue, but found a work around - I bundled the packages I require on my laptop and then resorted to offline installation on the lab box. Here is how to do that:
Take for example, mongodb node module. I have it installed on my laptop where I do the development. If you open the package.json file for mongodb module, the dependencies are listed with corresponding version numbers. Mine looks like this:
"dependencies": {
"bson": "0.2.5",
"kerberos": "0.0.3"
},
Update the package.json file to include "bundledDependencies". (the position shouldn't really matter, just that it should be at the same level, as a sibling of "dependencies" in the JSON tree). This is what you need to add:
"bundledDependencies": [
"bson",
"kerberos"
],
Now, while you are within your package's directory (where the package.json file is present), run the command npm pack. That will create a tgz file for you. In my case it created mongodb-1.3.23.tgz. Just copy this file to the box where you want to install it and run npm install ./mongodb-1.3.23.tgz. That should get you through. Since all dependencies are now bundled within this .tgz file, npm won't try to connect to internet for installing any of them.
However, I would still like to know what's going wrong with my internet based installation. That's still a mystery!

SSL Error: CERT_UNTRUSTED while using npm command

I am trying to install express framework using npm command but getting following error.
error message is
E:\myFindings\nodejs_programs\node>npm install -g express
npm http GET https://registry.npmjs.org/express
npm ERR! Error: SSL Error: CERT_UNTRUSTED
npm ERR! at ClientRequest.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\request\main.js:409:26)
npm ERR! at ClientRequest.g (events.js:185:14)
npm ERR! at ClientRequest.EventEmitter.emit (events.js:88:17)
npm ERR! at HTTPParser.parserOnIncomingClient [as onIncoming] (http.js:1445:7)
npm ERR! at HTTPParser.parserOnHeadersComplete [as onHeadersComplete] (http.js:111:23)
npm ERR! at CleartextStream.socketOnData [as ondata] (http.js:1356:20)
npm ERR! at CleartextStream.CryptoStream._push (tls.js:396:27)
npm ERR! at SecurePair.cycle (tls.js:751:20)
npm ERR! at EncryptedStream.CryptoStream.write (tls.js:131:13)
npm ERR! at Socket.ondata (stream.js:38:26)
npm ERR! [Error: SSL Error: CERT_UNTRUSTED]
npm ERR! You may report this log at:
npm ERR! <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR! <npm-#googlegroups.com>
npm ERR! System Windows_NT 6.1.7601
npm ERR! command "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install" "-g" "express"
npm ERR! cwd E:\myFindings\nodejs_programs\node
npm ERR! node -v v0.8.0
npm ERR! npm -v 1.1.32
npm ERR! message SSL Error: CERT_UNTRUSTED
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! E:\myFindings\nodejs_programs\node\npm-debug.log
npm ERR! not ok code 0
help me to sort out
You can bypass https using below commands:
npm config set strict-ssl false
or set the registry URL from https or http like below:
npm config set registry="http://registry.npmjs.org/"
However, Personally I believe bypassing https is not the real solution, but we can use it as a workaround.
npm ERR! node -v v0.8.0
npm ERR! npm -v 1.1.32
Update your node.js installation.The following commands should do it (from here):
sudo npm cache clean -f
sudo npm install -g n
sudo n stable
Edit: okay, if you really have a good reason to run an ancient version of the software, npm set ca null will fix the issue. It happened, because built-in npm certificate has expired over the years.
I had same problem and finally I understood that my node version is old. For example, you can install the current active LTS node version in Ubuntu by the following steps:
sudo apt-get update
curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
sudo apt-get install nodejs -y
Installation instructions for more versions and systems can be found in the following link:
https://github.com/nodesource/distributions/blob/master/README.md
I think I got the reason for the above error. It is the corporate proxy(virtual private network) provided in order to work in the client network. Without that connection I frequently faced the same problem be it maven build or npm install.
If you're behind a corporate proxy, try this setting for npm with your company's proxy:
npm --https-proxy=http://proxy.company.com install express -g
Since i stumbled on the post via google:
Try using npm ci it will be much than an npm install.
From the manual:
In short, the main differences between using npm install and npm ci are:
The project must have an existing package-lock.json or npm-shrinkwrap.json.
If dependencies in the package lock do not match those in package.json, npm ci will exit with an error, instead of updating the package lock.
npm ci can only install entire projects at a time: individual dependencies cannot be added with this command.
If a node_modules is already present, it will be automatically removed before npm ci begins its install.
It will never write to package.json or any of the package-locks: installs are essentially frozen.
Reinstall node, then update npm.
First I removed node
apt-get purge node
Then install node according to the distibution. Docs here .
Then
npm install npm#latest -g
Only recommended if you are running a very old version of node/npm where the certificates have expired or been replaced,
first run npm set ca null
then do your npm install

npm install throwing errors Error: Invalid protocol

Hi I am new to Node JS and i am trying to follow the sample in the book and when trying to do npm install i get the following error:
Any help will be highly appreciated
C:\Developer\NODE_JS>npm install
npm WARN package.json chatrooms#0.0.1 No repository field.
npm WARN package.json chatrooms#0.0.1 No README data
npm http GET http://registry.npmjs.org/socket.io
npm http GET http://registry.npmjs.org/mime
npm http GET http://registry.npmjs.org/socket.io
npm http GET http://registry.npmjs.org/mime
npm http GET http://registry.npmjs.org/socket.io
npm http GET http://registry.npmjs.org/mime
npm ERR! Error: Invalid protocol
npm ERR! at Request.init (C:\Program Files\nodejs\node_modules\npm\node_modules\request\request.js:335:51)
npm ERR! at new Request (C:\Program Files\nodejs\node_modules\npm\node_modules\request\request.js:99:8)
npm ERR! at request (C:\Program Files\nodejs\node_modules\npm\node_modules\request\index.js:55:11)
npm ERR! at RegClient.makeRequest (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-client\lib\request.js:211:13)
npm ERR! at RegClient.<anonymous> (C:\Program Files\nodejs\node_modules\npm\node_modules\npm-registry-client\lib\request.js:117:17)
npm ERR! at null._onTimeout (C:\Program Files\nodejs\node_modules\npm\node_modules\retry\lib\retry_operation.js:32:10)
npm ERR! at Timer.listOnTimeout [as ontimeout] (timers.js:110:15)
npm ERR! If you need help, you may report this *entire* log,
npm ERR! including the npm and node versions, at:
npm ERR! <http://github.com/isaacs/npm/issues>
npm ERR! System Windows_NT 6.1.7601
npm ERR! command "C:\\Program Files\\nodejs\\\\node.exe" "C:\\Program Files\\nodejs\\node_modules\\npm\\bin\\npm-cli.js" "install"
npm ERR! cwd C:\Developer\NODE_JS
npm ERR! node -v v0.10.24
npm ERR! npm -v 1.3.21
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! C:\Developer\NODE_JS\npm-debug.log
npm ERR! not ok code 0
My Node js config is
C:\Developer\NODE_JS>npm config list
; cli configs
registry = "http://registry.npmjs.org/"
; userconfig C:\Users\<uname>\.npmrc
https-proxy = "proxy.<comp>.com:8080"
proxy = "proxy.<comp>.com:8080"
registry = "http://registry.npmjs.org/"
; builtin config undefined
prefix = "C:\\Users\\puppalap\\AppData\\Roaming\\npm"
; node bin location = C:\Program Files\nodejs\\node.exe
; cwd = C:\Developer\NODE_JS
; HOME = C:\Users\<uname>
; 'npm config ls -l' to show all defaults.
The issue got resolved after i set the following two properties:
npm config set proxy http://usr:pwd#host:port
npm config set https-proxy http://usr:pwd#host:port
Issue is due to windows http_proxy environment variable being set; while I don't use a proxy.
Following command in command prompt will display, if http_proxy is set;
set http
If set removed the variable with below command and problem solved.
set http_proxy=
Above command will remove the http_proxy from the current
command line. However, if you need to permanently remove it, just
remove it from System Properties>Advanced Tab>Environment Variables
dialog box.
Just want to share a method,the way i followed to get it resolved,
My error: was ERR! Error: Invalid protocol : myusername:
[username of the previous proxy]
where my .npmrc file
contains registry="http://registry.npmjs.org/"
and other variables[prefix,cwd,home]
As i am not behind the proxy, removed proxy variables
still got the same error
when looked into
request.js[/usr/lib/node_modules/npm/node_modules/request/request.js]
file it is using the old proxy values
Hence , i added the line in init() of request.js
self.proxy="http://registry.npmjs.org/" //at the start of method
then it started working!!!
PS: Once after install command,Removed this line and it continued to work.
Try this , if no other options are working
If you're on a Linux box make sure you set the following variables:
export http_proxy="http://yourCompanyProxy:portNumber"
export https_proxy="http://yourCompanyProxy:portNumber"
export HTTP_PROXY="http://yourCompanyProxy:portNumber"
export HTTPS_PROXY="http://yourCompanyProxy:portNumber"

Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE Phonegap Installation

I'm trying to install Phonegap in Ubuntu. The installation of NodeJS was successful, however I can't install Phonegap itself. Here is the error output of terminal:
test#test-VirtualBox:~$ sudo npm install -g phonegap
npm http GET https://registry.npmjs.org/phonegap
npm http GET https://registry.npmjs.org/phonegap
npm http GET https://registry.npmjs.org/phonegap
npm ERR! Error: UNABLE_TO_VERIFY_LEAF_SIGNATURE
npm ERR! at SecurePair.<anonymous> (tls.js:1350:32)
npm ERR! at SecurePair.EventEmitter.emit (events.js:92:17)
npm ERR! at SecurePair.maybeInitFinished (tls.js:963:10)
npm ERR! at CleartextStream.read [as _read] (tls.js:463:15)
npm ERR! at CleartextStream.Readable.read (_stream_readable.js:320:10)
npm ERR! at EncryptedStream.write [as _write] (tls.js:366:25)
npm ERR! at doWrite (_stream_writable.js:219:10)
npm ERR! at writeOrBuffer (_stream_writable.js:209:5)
npm ERR! at EncryptedStream.Writable.write (_stream_writable.js:180:11)
npm ERR! at write (_stream_readable.js:573:24)
npm ERR! If you need help, you may report this log at:
npm ERR! <http://bugs.debian.org/npm>
npm ERR! or use
npm ERR! reportbug --attach /home/test/npm-debug.log npm
npm ERR! System Linux 3.11.0-14-generic
npm ERR! command "/usr/bin/nodejs" "/usr/bin/npm" "install" "-g" "phonegap"
npm ERR! cwd /home/test
npm ERR! node -v v0.10.15
npm ERR! npm -v 1.2.18
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! /home/test/npm-debug.log
npm ERR! not ok code 0
Any help would be appreciated.
I got the same error, given I was behind a corporate firewall/proxy and my connection was passed the proxy's certificate.
In your command line run:
npm config set strict-ssl false
NOTE: that this is not best practice to blindly accept untrusted or invalid SSL certificates, which is what the command does (turn off certificate checking). You can run
npm config set strict-ssl true
to turn it back on.
ref: https://thomashunter.name/blog/npm-ssl-errors/
This can be fixed without disabling strict SSL, however it is non-trivial.
Find the certificates actually being used, likely you're behind a corporate SSL intercepting proxy. You might be able to use a browser, some CLI tool etc. I ended up running certmgr.msc in Windows as the certificates are distributed via Group policy and export as p7b files.
Convert the certificates if necessary, I used openssl tool to convert from p7b to PEM (aka .crt)
openssl pkcs7 -print_certs -inform DER -in /mnt/adam/certs/my-company-root.p7b -outform PEM -out my-company-root.crt
Merge, if there is more than one certificate, into a single PEM file, taking care to order from leaf to root.
cat my-company-leaf.crt my-company-intermediate.crt my-company-root.crt > my-company-single.crt
Configure npm at the certificate file
npm config set cafile my-company-single.crt
(or globally)
sudo npm config set -g cafile my-company-single.crt
running
npm config set strict-ssl false
solved my problem.
I'm using Vagrant (Linux precise32 Ubuntu ), and Windows 7 as host.
Thanks
in case anyone is as clumsy as me, I got UNABLE_TO_VERIFY_LEAF_SIGNATURE on npm install when I forgot to add the git+ before the url of my project.
I had
npm install --save https://myserv.er/my/project-path.git
instead of
npm install --save git+https://myserv.er/my/project-path.git
You can also disable SSL check in your code using node environment variable :
in your index.js file, add :
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
Note that this is not a good habits as it will not try to check the validity of https certificate
Make sure that root has configuration properties.
When using sudo, you're running under the environment configured for root. Root may not have the same node configuration, and may not be aware of your certificates. Try passing your environment configuration to root with -E:
$ sudo -E npm install -g phonegap
It happens to me. It turned out my cooperation proxy restricted the official NPM registry, and returned a blocked HTML warning. Just updated my npm registry to cooperate one, and the problem was solved.

npm install not working

I just started learning node.js and i have installed node.js along with npm module manager.
I have created a package.json file and from the root directory iam trying to execute npm install command, instead of creating npm_modules folder it throws error like this:
C:\Users\username\Desktop\nodetest>npm install
npm WARN package.json backbone-library#0.0.1 No README.md file found!
npm http GET https://registry.npmjs.org/mongoose
npm http GET https://registry.npmjs.org/express
npm http GET https://registry.npmjs.org/path
npm http GET https://registry.npmjs.org/path
npm http GET https://registry.npmjs.org/express
npm http GET https://registry.npmjs.org/mongoose
npm http GET https://registry.npmjs.org/express
npm http GET https://registry.npmjs.org/path
npm http GET https://registry.npmjs.org/mongoose
npm ERR! Error: connect ETIMEDOUT
npm ERR! at errnoException (net.js:863:11)
npm ERR! at Object.afterConnect [as oncomplete] (net.js:854:19)
npm ERR! If you need help, you may report this log at:
npm ERR! <http://github.com/isaacs/npm/issues>
npm ERR! or email it to:
npm ERR! <npm-#googlegroups.com>
npm ERR! System Windows_NT 6.1.7600
npm ERR! command "D:\\Program Files\\nodejs\\\\node.exe" "D:\\Program Files\\no
ejs\\node_modules\\npm\\bin\\npm-cli.js" "install"
npm ERR! cwd C:\Users\username\Desktop\nodetest
npm ERR! node -v v0.10.0
npm ERR! npm -v 1.2.14
npm ERR! syscall connect
npm ERR! code ETIMEDOUT
npm ERR! errno ETIMEDOUT
npm ERR!
npm ERR! Additional logging details can be found in:
npm ERR! C:\Users\username\Desktop\nodetest\npm-debug.log
npm ERR! not ok code 0
Iam using Windows 7 OS.
Any ideas ?
Thanks,
Srinivas
This will probably solve your problem:
npm config set proxy proxy-url:port (http:\\proxy-name:port)
npm config set https-proxy proxy-url:port
It was a stuck step on my side,
the following syntax worked for me:
npm config set proxy http:/myproxyserver:port
best regards :)
You may need to use the windows "run as" command (which is equivalent to the *nix "sudo" command) in order to have the correct privileges on your machine.
This link should be helpful: https://superuser.com/questions/42537/is-there-any-sudo-command-for-windows
finally i came to know that my company laptop has proxy restrictions.Once i got the approval for proxy removal it worked.
But still ppl, who ever facing proxy issue in npm install,can try the following method.
Go to C:\Users\YourUserName
Create a file named .npmrc (no need of any prefixname just .npmrc)
Inside that file type the following
proxy = username:password#ip:port (add http:// before username)
That's all.It is perfectly working for me....
The traceroute command will usually tell you where a connection fails and would have lead you straight to the corporate proxy in this case.
Adding to the selected answer
a) "npm config set proxy proxy-url:port (http:\proxy-name:port)
b) npm config set https-proxy proxy-url:port"
make sure you add "http:\\" to your proxy name, and packages downloaded from npm use ssl so try the second option for sure.
If you are working behind a proxy, configure it:
npm config set proxy http://login:pass#host:port
Check the value of your proxy configuration:
npm config get http-proxy
Try again to get your package...

Resources