bower: CERT_HAS_EXPIRED certificate has expired is thrown when I'm trying to update sinon package

When I added SSL disabling configuration "strict-ssl": false to .bowerrc file, everything fetched fine idk, something is wrong with the certificate 🙄

Edited: (I don’t recommend this solution as production solution, disabling SSL can be dangerous, I did this just to check if the problem is with SSL)

We’re in a position where we can’t upgrade the application for various reasons, but instead of turning off ssl in .bowerrc using "strict-ssl": false we managed to solve it by pointing the registry to what I have now been told is a deprecated alternate mirror (thanks @wsergent) understand is the “new default” (someone please correct me here if I’m wrong, I read it somewhere but can’t remember where).

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com",
}

Hi, I am getting “CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-aria failed: certificate has expired”. while doing bower install. Please suggest what could be the reason of it.

I found a workaround that was installing the bower with node 12, without changing my current version of node, running npx -p node@12 bower install. Hope it helps!

We brought it back to work by prefixing the following env-variable: NODE_OPTIONS=–use-openssl-ca

NODE_OPTIONS=--use-openssl-ca bower install

As to refer to https://github.com/bower/registry/issues/304#issuecomment-1520524290

We’re in a position where we can’t upgrade the application for various reasons, but instead of turning off ssl in .bowerrc using "strict-ssl": false we managed to solve it by pointing the registry to what I understand is the “new default” (someone please correct me here if I’m wrong, I read it somewhere but can’t remember where).

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com",
}

Thank you for this solution, this worked for us for now, but I would treat it only as a temporary workaround (though better than disabling SSL). According to this tweet from 2017, bower.herokuapp.com was deprecated in favour of registry.bower.io - so I think you have your ‘new default’ understanding backwards.

Either way, it worked for now!

I’m having the same problem as well; is there any news on when the cert will be fixed?

Hello Guys,

The same problem here. It worked only by disabling “strict-ssl”: false in .bowerrc file but it doesn’t a good idea. Waiting for a better solution 😦

I’m curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

Adding SSL disabling configuration to .bowerrc file works for me.

{
  "directory": "bower_components",
  "registry": "https://registry.bower.io",
  "strict-ssl": false
}

Similar issue is open in the bower/registry repository: https://github.com/bower/registry/issues/304

look mate, not bashing, some of us guys might be untouched with reality, and stuck in time, we all or should have taken point to migrate. yes we heard it all, let’s just help the community to answer their needs for help. and yes to need to update. yes to the need to migrate.

Yes, but not every system can be updated in a easy way, some companies strugle with daily problems and need to solv them to survive, int the ideal world the migration is easy and fast, but in reality the variables are greater.

Yes, well, I renamed the folder because I was scared of losing the files 😅

A $20 bounty has been put on this issue over at bountyhunt.io.

Top contributors:

• $20 by @ffMathy

Hi,

Adding SSL disabling configuration to .bowerrc file works for me. It was not necessary add directory, in my project it is otherwise.

{ “registry”: “https://registry.bower.io”, “strict-ssl”: false }

Solution provided by @stormonster worked for me. Thank you!

bower install works for newer versions of node.

Only bower install command I execute on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.

It worked for us.

@chhn03 I see that the Bower certificate was renewed on Monday, 24 April 2023 at 03:43:54. bower install works on my machine, but Bitbucket pipelines (dockerized) is failing with the same CERT_HAS_EXPIRED error. Still trying to figure out why the certificate isn’t renewed automatically there…

Hi,

Thank you, I will test your solution.

I did it the way my friend went to release the Deploy.

I’m curious. What are peoples reason for using Bower instead of NPM in 2023? Genuinely curious.

@ffMathy legacy app, it’s being migrated to a new system. I gave the devs grief for not keeping these dependencies up to date though. 😉

@mchrapek any solution for this, except disabling SSL?

Yes, it still works after that:

$ bower cache clean

bower deleted       Cached package angular-bootstrap: /Users/christiaanscheermeijer/.cache/bower/packages/060f2023684d502403f2380d2be22dba/1.3.2
bower deleted       Cached package angular: /Users/christiaanscheermeijer/.cache/bower/packages/060a9fe0e60a0d3d6c9ed350cde03e61/1.5.8
bower deleted       Cached package angular: /Users/christiaanscheermeijer/.cache/bower/packages/060a9fe0e60a0d3d6c9ed350cde03e61/1.2.32
...

$ bower install

bower angular-cookies#1.5.8 not-cached https://github.com/angular/bower-angular-cookies.git#1.5.8
bower angular-cookies#1.5.8    resolve https://github.com/angular/bower-angular-cookies.git#1.5.8
bower angular-mocks#1.5.8   not-cached https://github.com/angular/bower-angular-mocks.git#1.5.8
bower angular-mocks#1.5.8      resolve https://github.com/angular/bower-angular-mocks.git#1.5.8
bower angular-gettext#~0.2.4       not-cached https://github.com/rubenv/angular-gettext.git#~0.2.4
bower angular-gettext#~0.2.4          resolve https://github.com/rubenv/angular-gettext.git#~0.2.4
...