SJ19
SJ19

Reputation: 2123

NextJS getServerSideProps() "unable to verify the first certificate", "UNABLE_TO_VERIFY_LEAF_SIGNATURE"

I'm new to NextJS, I recently converted my ReactJS project to it and it worked fine. However I was still using useEffect to retrieve data. Now I'm trying to use getServerSideProps() instead, as is recommended by NextJS, but it's giving me problems.

This is my getServerSideProps()

export async function getServerSideProps() {
  const res = await axios.get(`BACKEND_URL/product/0`);
  const data = await res.data;
  return { props: { data } };
}

The API call works when I use it in React's useEffect but using the function getServerSideProps() it's giving me status 500 "UNABLE_TO_VERIFY_LEAF_SIGNATURE"

"message":"unable to verify the first certificate",
"stack":"Error: unable to verify the first certificate\n    
at TLSSocket.onConnectSecure (_tls_wrap.js:1515:34)\n    
at TLSSocket.emit (events.js:400:28)\n    
at TLSSocket._finishInit (_tls_wrap.js:937:8)\n    
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:709:12)",
"code":"UNABLE_TO_VERIFY_LEAF_SIGNATURE","status":null}

Does anyone know what it can be? My backend is accessible I checked, the url works. When I don't use getServerSideProps() the page works.

I can work around this issue by adding the following to _app.js

axios.defaults.httpsAgent = new https.Agent({
  rejectUnauthorized: false,
});

But apparantly this isn't safe to do.

Upvotes: 1

Views: 2693

Answers (2)

Salix
Salix

Reputation: 85

I had the same problem, but am working with Caddy and mkcert.

The problem was, that the intermediate certificates (CA) weren't loaded by NodeJS. The documentation of mkcert is mentioning that here, https://github.com/FiloSottile/mkcert#using-the-root-with-nodejs, you simply have to say to NodeJS that it also needs to load extra CA's with this command:

export NODE_EXTRA_CA_CERTS="$(mkcert -CAROOT)/rootCA.pem"

Upvotes: 1

SJ19
SJ19

Reputation: 2123

It was a problem with the SSL certificate. I was using the self-made one but you need the CA certificates.

I made a file with the CA certificates that I get in my Plesk panel, then I added this line in Apache and now it's fixed.

SSLCertificateChainFile C:/Users/Administrator/Desktop/cert/ca-cert.crt

This is usually not mentioned in Apache guides so hopefully I can help someone else with this solution. :)

Upvotes: 1

Related Questions