gyp ERR! stack Error: unable to get local issuer certificate

[sarangkatare]

• node -v v8.9.1 node-gyp -v v3.6.2:
• windows 10:
• Subsystem:

I am facing this issue I searched on internet almost 2 days but my issue is not resolved can anyone help me Below I am attesting what error I am facing I did everything what I searched on net.

npm install

[email protected] install C:\Users\sKatare\Desktop\product\node_modules\oracledb
node-gyp rebuild

C:\Users\sKatare\Desktop\product\node_modules\oracledb>if not defined npm_config_node_gyp (node "C:\Users\sKatare\AppData\Roaming\npm\node_modules\npm\bin\node-gyp-bin\....\node_modules\node-gyp\bin\node-gyp.js" rebuild ) else (node "" rebuild )
gyp WARN install got an error, rolling back install
gyp ERR! configure error
gyp ERR! stack Error: unable to get local issuer certificate
gyp ERR! stack at TLSSocket. (_tls_wrap.js:1103:38)
gyp ERR! stack at emitNone (events.js:106:13)
gyp ERR! stack at TLSSocket.emit (events.js:208:7)
gyp ERR! stack at TLSSocket._finishInit (_tls_wrap.js:637:8)
gyp ERR! stack at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:467:38)
gyp ERR! System Windows_NT 10.0.14393
gyp ERR! command "C:\Program Files\nodejs\node.exe" "C:\Users\sKatare\AppData\Roaming\npm\node_modules\npm\node_modules\node-gyp\bin\node-gyp.js" "rebuild"
gyp ERR! cwd C:\Users\sKatare\Desktop\product\node_modules\oracledb
gyp ERR! node -v v8.9.1
gyp ERR! node-gyp -v v3.6.2
gyp ERR! not ok
npm WARN optional SKIPPING OPTIONAL DEPENDENCY: [email protected] (node_modules\fsevents):
npm WARN notsup SKIPPING OPTIONAL DEPENDENCY: Unsupported platform for [email protected]: wanted {"os":"darwin","arch":"any"} (current: {"os":"win32","arch":"x64"})

npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! [email protected] install: node-gyp rebuild
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the [email protected] install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:

[bnoordhuis]

Are you behind a proxy? What does npm config get print?

[sarangkatare]

Thank you so much for your reply@bnoordhuis Yes I am behind the proxy I did everything.Still my issue is not resolve.I downgrade node version to 6.9.4 but still not resolve when i did npm config get I got this.Can you help me.

; cli configs
metrics-registry = "http://registry.npmjs.org/"
scope = ""
user-agent = "npm/5.5.1 node/v6.9.4 win32 x64"

; userconfig C:\Users\sK.npmrc
NODE_TLS_REJECT_UNAUTHORIZED = "0"
cafile = "C:\Users\sKa\.windows-build-tools\python27\Lib\site-packages\pip\_vendor\requests\cacert.pem"
https_proxy = "http://userid:password%[email protected]:8080/"
msvs_version = "2015"
proxy = "http://userid:password%[email protected]:8080/"
python = "python2.7"
registry = "http://registry.npmjs.org/"
strict-ssl = false

; globalconfig C:\Users\sK\AppData\Roaming\npm\etc\npmrc
msvs_version = "2015"
registry = "http://registry.npmjs.org/"

; builtin config undefined
prefix = "C:\Users\sK\AppData\Roaming\npm"

; node bin location = C:\Program Files\nodejs\node.exe
; cwd = C:\Users\sK\Desktop\product
; HOME = C:\Users\sK
; "npm config ls -l" to show all defaults.

[bnoordhuis]

Your company's proxy seems to use a certificate that is signed by a custom CA. Update the cafile property in your npm config or run npm install --cafile <filename> oracledb; the file should be in pem format. If you don't know what the certificate is, contact your network administrator; he or she can provide you with a copy.

Aside: I see you disabled strict-ssl. That's really not a good idea.

[bnoordhuis]

A question to you if you'll allow me:

cafile = "C:\Users\sKa.windows-build-tools\python27\Lib\site-packages\pip_vendor\requests\cacert.pem"

Did you set that yourself or did windows-build-tools do that?

[bnoordhuis]

Answered and no follow-up, closing.

[h4ndshake]

This problem is caused by the download function in the install.js file for node-gyp.

WORKAROUND: To force node-gyp to ignore self-signed certificate, you need to modify the download function so that the requestOpts Object includes the following variable:

rejectUnauthorized: false

The install.js file can be found here:

%APPDATA%\npm\node_modules\npm\node_modules\node-gyp\lib\install.js

The patched function looks like this:

function download (gyp, env, url) {
  log.http('GET', url)

  var requestOpts = {
      uri: url
    , headers: {
        'User-Agent': 'node-gyp v' + gyp.version + ' (node ' + process.version + ')'
      },
	  rejectUnauthorized: false
  }

  var cafile = gyp.opts.cafile
  if (cafile) {
    requestOpts.ca = readCAFile(cafile)
  }

  // basic support for a proxy server
  var proxyUrl = gyp.opts.proxy
              || env.http_proxy
              || env.HTTP_PROXY
              || env.npm_config_proxy
  if (proxyUrl) {
    if (/^https?:\/\//i.test(proxyUrl)) {
      log.verbose('download', 'using proxy url: "%s"', proxyUrl)
      requestOpts.proxy = proxyUrl
    } else {
      log.warn('download', 'ignoring invalid "proxy" config setting: "%s"', proxyUrl)
    }
  }

  var req = request(requestOpts)
  req.on('response', function (res) {
    log.http(res.statusCode, url)
  })

  return req
}

[bnoordhuis]

Sorry, but that's terrible advice. If you have a self-signed certificate, you might as well stop using HTTPS; it offers no security. If the certificate is signed by a self-signed CA, use the --cafile option.

[fantagons]

Hi guys,
I had this error. The only thing I did that fixed my problem was going to crtmgr.msc in Windows to remove my self-signed certificate I just created moments ago for a different reason. That solved the problem.

Thanks again for your help (keep up the good work and be patient)

[bn3t]

If people still come here with this error, this is what solved it for me:

$ sudo npm install -g node-gyp
$ node-gyp configure

Note: node-gyp configure can give an error gyp: binding.gyp not found, but it's ok.

I can clearly reproduce the behavior, if I reset my local environment:

$ rm -rf ~/.node-gyp ~/.npm ~/.config
$ rm -rf node_modules &&  npm i # Fails with: gyp ERR! stack Error: unable to get local issuer certificate
$  node-gyp configure
$ rm -rf node_modules &&  npm i  # Happily does all the c/c++ building and so forth

[SamFarrington]

If people still come here with this error, this is what solved it for me:

$ sudo npm install -g node-gyp
$ node-gyp configure

Note: node-gyp configure can give an error gyp: binding.gyp not found, but it's ok.

I can clearly reproduce the behavior, if I reset my local environment:

$ rm -rf ~/.node-gyp ~/.npm ~/.config
$ rm -rf node_modules &&  npm i # Fails with: gyp ERR! stack Error: unable to get local issuer certificate
$  node-gyp configure
$ rm -rf node_modules &&  npm i  # Happily does all the c/c++ building and so forth

Thanks for this, it has also worked for me on my Windows dev machine.

Any idea as to how/why this works?

I am having the same issue trying to install in a docker container and running node-gyp configure is breaking the build by returning a -1 error code (the binding.gyp not found issue you mentioned)

[Symbolk]

If people still come here with this error, this is what solved it for me:

$ sudo npm install -g node-gyp
$ node-gyp configure

Note: node-gyp configure can give an error gyp: binding.gyp not found, but it's ok.
I can clearly reproduce the behavior, if I reset my local environment:

$ rm -rf ~/.node-gyp ~/.npm ~/.config
$ rm -rf node_modules &&  npm i # Fails with: gyp ERR! stack Error: unable to get local issuer certificate
$  node-gyp configure
$ rm -rf node_modules &&  npm i  # Happily does all the c/c++ building and so forth

Thanks for this, it has also worked for me on my Windows dev machine.

Any idea as to how/why this works?

I am having the same issue trying to install in a docker container and running node-gyp configure is breaking the build by returning a -1 error code (the binding.gyp not found issue you mentioned)

I guess that node-gyp does not work properly behind a proxy without the certificate configured, so you can provide the certificate with:
node-gyp configure --cafile="/path/to/mycafile.pem"

Also see: https://stackoverflow.com/questions/33293960/how-to-setup-node-gyp-behide-a-proxy

[Symbolk]

Another dirty but simply works solution:
For Windows:
set NODE_TLS_REJECT_UNAUTHORIZED=0
For Linux/macOS or git-bash on Windows:
export NODE_TLS_REJECT_UNAUTHORIZED=0

[gigajoules]

Having tried everything here, I am still getting the error:

gyp ERR! stack Error: unable to get local issuer certificate
gyp ERR! stack     at TLSSocket.onConnectSecure (_tls_wrap.js:1058:34)
gyp ERR! stack     at TLSSocket.emit (events.js:198:13)
gyp ERR! stack     at TLSSocket._finishInit (_tls_wrap.js:636:8)
gyp ERR! System Windows_NT 10.0.17134
gyp ERR! command "C:\\Program Files\\nodejs\\node.exe" "C:\\Users\\jh143816\\AppData\\Roaming\\nvm\\v10.16.3\\node_modules\\npm\\node_modules\\node-gyp\\bin\\node-gyp.js" "configure" "--fallback-to-build" "--module=C:\\Users\\jh143816\\AppData\\Roaming\\npm\\node_modules\\node-red\\node_modules\\bcrypt\\lib\\binding\\bcrypt_lib.node" "--module_name=bcrypt_lib" "--module_path=C:\\Users\\jh143816\\AppData\\Roaming\\npm\\node_modules\\node-red\\node_modules\\bcrypt\\lib\\binding" "--napi_version=4" "--node_abi_napi=napi" "--napi_build_version=0" "--node_napi_label=node-v64" "--python=C:\\Users\\jh143816\\.windows-build-tools\\python27\\python.exe"
gyp ERR! cwd C:\Users\jh143816\AppData\Roaming\npm\node_modules\node-red\node_modules\bcrypt
gyp ERR! node -v v10.16.3
gyp ERR! node-gyp -v v3.8.0

[yogeshpatil143]

You can add below in Project directory Command Prompt

-npm config set strict-ssl false

It's work 100%

[aschaepper]

Hello together

I also had a similar issue but it would be very interessting to know what this "gyp" component really wants. The errormessage says:
"gyp ERR! stack Error: unable to get local issuer certificate"

It would be interessting to know:

• What type of certificate the own one or trusted CA?
• In which format, what encryption and algorythms does it expect in the file itself?
• Where should it be on the local file path resp. where does it expect this cert to be?
• Or if its not a local file path, is it neccessary that the "gyp" component has internet access to a CA to check it?
• Others mentioned that it needs to be a .pem file, is it the only option or does it scan like other software components, and why not a .cer? (Ok the why could maybe ommited)

Its very unclear from the answers what this component actually wants, and as you already pointet out just deactivating ssl ist not a solution. And for my personal interesset it would also be good to know "what Im doing" instead of just copying stuff or inserting commands I have no clue what they do.

I hope I can find the solution by research, for other people it could be interessting to post it here this is still the first hit in the internet when googling the error.

[PaulWieland]

My company uses ZScaler for internet traffic proxy & monitoring.

In addition to declaring http_proxy and https_proxy variables, I also had to get the intermediate certificate and declare an environment variable NODE_EXTRA_CA_CERTS=/path/to/ZScaler.pem.

These proxies are really insecure as they are breaking the SSL chain (from what I can tell it's basically doing a man in the middle attack), but I'm not in charge of corporate IT security, so...

[rajbir123]

Do this first:
For Windows:
set NODE_TLS_REJECT_UNAUTHORIZED=0
For Linux/macOS or git-bash on Windows:
export NODE_TLS_REJECT_UNAUTHORIZED=0

even u getting the error then do this:
In ur ubuntu go to ur cd home/your_username and find hidden file via in the terminal > ls -al
run this vim ~/.yarnrc
and add this in the file --> strict-ssl false

[zioalex]

Or you can run node with the option --use-openssl-ca , assuming that you properly configured the ssl ca with something like:

get -qP /usr/local/share/ca-certificates http://your_local_cert/local_ca.pem\
    && update-ca-certificates

[SzymonSliwinski]

Hi, got the same error none of above helped. Maybe someone have other solution?

[icholy]

For anyone using ZScaler, the workaround is to use the "disable for 30 seconds" option.

[mainisameer]

We are getting the error when using an electron application to connect to our server. Windows 10 computer , our package is build in electron 16.0.7

[gufeng0]

When I used npm install -g curlconverter --verbose, I encountered an error npm error gyp http fetch GET https://nodejs.org/download/release/v22.2.0/node-v22.2.0-headers.tar.gz attempt 1 failed with UNABLE_TO_GET_ISSUER_CERT_LOCALLY. I resolved this issue by using npm install -g curlconverter --verbose --cafile="/usr/local/Cellar/ca-certificates/2024-03-11/share/ca-certificates/cacert.pem".