Fresh certificate has incorrect expiration date #304
Comments
lukasz-gladek-av
changed the title
|
It's true that the certificate is issued today, but its expiration date is July 23.
It seems to me that something wrong with the new certificate because we have the same problem: |
|
I too facing the same issue.
|
|
Also seeing this in our CI/CD pipelines. |
|
Same here, the SSL certificate needs to be properly created and installed for https://registry.bower.io/packages/ to get this resolved:
|
|
As @mchrapek mentioned here:- bower/bower#2608 (comment), adding Edit: This is not a recommended approach, but for testing only. |
|
but I don't recommend this solution, disabling SSL can be dangerous, I did this just to check if the problem is with SSL |
|
Im experiencing this behaviour from my Jenkins CI/CD for Docker image creation. |
|
any idea when this can be sorted out, CI/CD is having the cert issue with installing the bower, looking for some solution without disabling SSL |
|
From what we have noticed, this issue seems to be happening in the servers/machines that was already performing bower commands, which has some SSL certificate caching present during the SSL handshake process. For new machines (where bower command is ran for the first time), the issue seems not present As a temporary work around, we commented out bower command from the CI/CD process(since we do not have new packages being added at the moment) and retained a copy of the Need to find a permanant fix next day! |
|
Hello Guys, any solution for this? I Had the same on CircleCI: bower invalid-meta for:/root/project/watson2/bower.json Exited with code exit status 1 In my Steps I run: steps:
|
|
Same issues here, setting |
|
I'm having the same issue in our Jenkins pipeline. |
|
I have the same issue in a CI pipeline. Its an oudated node and bower version curl had the same issue: I fixed the issue for curl by removing an invalid itermediary cert: sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
curl https://registry.bower.io/packages/MutationObserver-shim
# {"name":"MutationObserver-shim","url":"https://github.com/megawac/MutationObserver.js.git"}But bower still has the same issue: Would it be possible that bower somehow uses a differnt ca-cert folder than curl? |
This seems to be true, but it is fixable: and it went just fine. So for me the entire fix was: |
|
Same issue here with Heroku builds today. |
|
For us fix was only: export NODE_OPTIONS=--use-openssl-ca ,cuz we use azure k8s builder |
|
node 7.10.1 on Ubuntu 22.04. None of bellow doesn't work. Tried with: Then I tried Added |
I think NODE_OPTIONS needs node 8+ |
|
The certificate is fine, and it seems most of issues are related to using old version of Node, otherwise they can be solved by setting But true solution is to stop using Bower as it is for a very long time deprecated software. If you want modern alternative with file locking (extremely important for security and long-term maintenance as there is no easy way to pin whole tree of dependencies for Bower, only top level ones), please follow this guide to migrate to Yarn. It's pretty simple as there is helper command: https://bower.io/blog/2017/how-to-migrate-away-from-bower/ If bower-away doesn't work for you for some reason, please send pull request with fix :) |
You are right. I'll se how high I can go from prehistoric 7.2.1. And if there are problems then it seems that recompiling node itself is going to be the only option. Migrating away and/or upgrading this is not an option for at least another 12 months. |
|
Other solutions you might try for now are:
In the meantime I'll work on another solution that should fix this issue by embedding registry within Bower itself. |
We cannot use any of the workarounds suggested here so far. May I know how long will it take for the "another solution" that you are working on to be out? |
That fixed it for me, thanks ! (Docker node) |
|
For now it seems that I could upgrade up to node 9.11.2. And with that NODE_OPTIONS work. Things build, QA is in progress. The rest will have to wait |
|
Same issue, running from GitHub actions on windows-latest, with node 8.12 (yeah, i know). Halp pls |
|
Only It worked for us. |
|
Having the same issue.
Worked for me!!! |
Hi @sheerun , Is there any update on the fix that you were working on? |
+1, is there any ETA on this fix. |
|
As I mentioned here, a temporary solution that solved the issue for us was to use the heroku-mirror rather than the regular registry. Rather than turning off SSL we've set the Not sure how permanent of a solution it is as I've seen it mentioned that certs for node versions <10 are discontinued now, but at least it worked for us and it sure beats turning off SSL. |
|
I'm trying to keep a legacy app building, one that uses old versions of node and bower. I can't at the moment upgrade either of them. These build on Windows build agent computers. Most of the solutions listed here are for linux build systems, so I can't do any of those. We have a couple dozen ".bowerrc" files in the build, and adding some lines to those files is possible. I've seen two possible temporary solutions listed in this thread. Thanks very much to the folks who suggested them. The two choices open to me seem to be to either add this line:
Or to add this line:
Both seem risky. Can someone please help me understand which one is riskier? Keep in mind that I'm completely inexperienced in Bower, NPM, Ember, and the other technologies that this app is built with (I'm a C# guy normally). The first option, as I understand it, would make it possible for us to retrieve some of our modules from sites with expired SSL certificates, but at least we'd be getting those files from the same places as we did before. I've tried that one and it works as a temporary fix. The second, seems like we'd be changing the place where we get the files from, which to me sounds much riskier. Does anyone have an opinion on this? Thanks! |
|
@tfabris how old is the Ember app? It shouldn't take too much work to remove Bower and get ember-auto-import working which was designed to replace it in v3 of Ember. Other options include using Docker to build the app for deploy and setting the version of node to something like "FROM node:14-alpine as ember" Using "strict-ssl": false is a working option, disables certs obviously but its probably the quickest option in the short term. |
|
@mattsputnikdigital thanks for that information. The ember app is years old and the people who knew how to maintain its build system are no longer with the company. Replacing the build system with a new one certainly "sounds" simple but keep in mind that I have no idea how it works, like, at all. I'm also thinking that "strict-ssl": false seems like the better option, because I looked at the herokuapp.com cert and it expires next year anyway thus it would just kick the can down the road a bit. |
Yes if you can accept the risk of the "strict-ssl": false then it would be fine. If you need help with Ember my company manages lots of older Ember sites and could probably get it working without Bower for you if you need assistance. |
|
@mattsputnikdigital Thanks so much for your help and advice. That's a kind offer to help us out. If we decide to go that route I'll ping you. |
|
Still facing issues |
|
14:22:14 bower angular-recaptcha#4.2.0 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-recaptcha failed: certificate has expired |
You need to either update node to a version which works, I believe over 10 or set "strict-ssl": false I do not think this is going to be fixed otherwise. |
Our company was able to get passed this by upgrading to node 18 |
|
Ran into the same problem, we are using node 8, can't upgrade to new version either at least for another year. I used this silly workaround, switch to node 12 for bower install, then change back to node 8 for gulp build: |
and others
While doing
bower installI get following error:bower.io cert looks fine, but going to https://registry.bower.io/packages/angular-elastic it shows that cert is issued today, but it expires yesterday
The text was updated successfully, but these errors were encountered: