julianlam/nodejs-trust-caddy-certificate-authority.md

Last active July 12, 2023 18:06

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/julianlam/1cbc48911d4ee5b2b7c42364978664f5.js"></script>
Save julianlam/1cbc48911d4ee5b2b7c42364978664f5 to your computer and use it in GitHub Desktop.

Download ZIP

How to have Node.js trust Caddy self-signed certificate #blog

Raw

nodejs-trust-caddy-certificate-authority.md

Caddy has a neat feature where all routes automatically come with HTTPS enabled. Caddy achieves this by self-signing its own certificate via a certificate authority that is (or can be) added to the system CA list.

However, Node.js comes bundled with its own certificate authority list, so even if Caddy's CA is added to the system, Node won't allow it.

Here's how to allow calls to local https services served by Caddy:

If needed, run caddy trust as root to install the Root CA.
Run node with the environment variable NODE_EXTRA_CA_CERTS and point it to the local CA file.
- Not sure what that is? Maybe you're on Debian or a derivative (e.g. Ubuntu, Pop!_OS, etc.): NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

That's it.

References

nodejs/node#3159

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment