Node.js request CERT_HAS_EXPIRED

by

The best way to fix this:

Renew the certificate. This can be done for free using Greenlock which issues certificates via Let’s Encrypt™ v2

A less insecure way to fix this:

'use strict';

var request = require('request');
var agentOptions;
var agent;

agentOptions = {
  host: 'www.example.com'
, port: '443'
, path: "https://stackoverflow.com/"
, rejectUnauthorized: false
};

agent = new https.Agent(agentOptions);

request({
  url: "https://www.example.com/api/endpoint"
, method: 'GET'
, agent: agent
}, function (err, resp, body) {
  // ...
});

By using an agent with rejectUnauthorized you at least limit the security vulnerability to the requests that deal with that one site instead of making your entire node process completely, utterly insecure.

Other Options

If you were using a self-signed cert you would add this option:

agentOptions.ca = [ selfSignedRootCaPemCrtBuffer ];

For trusted-peer connections you would also add these 2 options:

agentOptions.key = clientPemKeyBuffer;
agentOptions.cert = clientPemCrtSignedBySelfSignedRootCaBuffer;

Bad Idea

It’s unfortunate that process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'; is even documented. It should only be used for debugging and should never make it into in sort of code that runs in the wild. Almost every library that runs atop https has a way of passing agent options through. Those that don’t should be fixed.

More Related Contents:

  1. Removing nested promises
  2. Download a file from NodeJS Server using Express
  3. Make Axios send cookies in its requests automatically
  4. Start script missing error when running npm start
  5. HTTP GET Request in Node.js Express
  6. How to get a URL parameter in Express?
  7. How to search in array of object in mongodb
  8. Pass variables to JavaScript in ExpressJS
  9. Passing variables to the next middleware using next() in Express.js
  10. How do I ungzip (decompress) a NodeJS request’s module gzip response body?
  11. socket.io.js not found
  12. Handling errors in express async middleware
  13. Nodejs express and promises not doing what I expect
  14. What does “./bin/www” do in Express 4.x?
  15. Why is PassportJS in Node not removing session on logout
  16. Difference between readFile() and readFileSync()
  17. How do I get the domain originating the request in express.js?
  18. Running an Express server middleware alongside Nuxt
  19. What are express.json() and express.urlencoded()?
  20. Read json file content with require vs fs.readFile
  21. Node.js POST causes [Error: socket hang up] code: ‘ECONNRESET’
  22. stop all instances of node.js server
  23. Handlebars: Access has been denied to resolve the property “from” because it is not an “own property” of its parent
  24. How to fix ‘$(…).click is not a function’ in Node/Cheerio
  25. require(‘babel/register’) doesn’t work
  26. Sessions won’t save in Node.js without req.session.save()
  27. node.js, express, how to get data from body form-data in post request
  28. Sending whole folder content to client with express
  29. Changing a buffer from a ReadStream into an actual file
  30. How to structure a express.js application?

Leave a Comment