registry: Fresh certificate has incorrect expiration date

While doing bower install I get following error:

#0 1.681 bower angular-elastic#2.4.2 CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular-elastic failed: certificate has expired
ERROR: failed to solve: process "/bin/bash -o pipefail -c bower install" did not complete successfully: exit code: 1

bower.io cert looks fine, but going to https://registry.bower.io/packages/angular-elastic it shows that cert is issued today, but it expires yesterday

About this issue

  • Original URL
  • State: open
  • Created a year ago
  • Reactions: 18
  • Comments: 40 (2 by maintainers)

Most upvoted comments

any idea when this can be sorted out, CI/CD is having the cert issue with installing the bower, looking for some solution without disabling SSL

+18
khoros-chandrakala on Apr 24, 2023

Also seeing this in our CI/CD pipelines.

+10
pejorativefox on Apr 24, 2023

As I mentioned here, a temporary solution that solved the issue for us was to use the heroku-mirror rather than the regular registry.

Rather than turning off SSL we’ve set the registry parameter in the .bowerrc like this.

{
  "directory": "bower_components",
  "registry": "https://bower.herokuapp.com",
}

Not sure how permanent of a solution it is as I’ve seen it mentioned that certs for node versions <10 are discontinued now, but at least it worked for us and it sure beats turning off SSL.

+8
stormonster on Apr 26, 2023

Same here, the SSL certificate needs to be properly created and installed for https://registry.bower.io/packages/ to get this resolved:

Screenshot from 2023-04-24 15-32-11

+8
ajayarjunan on Apr 24, 2023

Would it be possible that bower somehow uses a differnt ca-cert folder than curl?

This seems to be true, but it is fixable:

export NODE_OPTIONS=--use-openssl-ca
bower install MutationObserver-shim

and it went just fine.

So for me the entire fix was:

sed -i 's/mozilla\/DST_Root_CA_X3.crt/!mozilla\/DST_Root_CA_X3.crt/g' /etc/ca-certificates.conf
update-ca-certificates
export NODE_OPTIONS=--use-openssl-ca
+7
SomeBdyElse on Apr 24, 2023

I too facing the same issue.

(node:16801) [DEP0022] DeprecationWarning: os.tmpDir() is deprecated. Use os.tmpdir() instead. Warning: Request to https://registry.bower.io/packages/angular-resource failed: certificate has expired Use --force to continue.`

+5
PankajPatel007 on Apr 24, 2023

Im experiencing this behaviour from my Jenkins CI/CD for Docker image creation. Is there any temp solution? such as alterative registry? I don’t want to disable SSL.

+4
galregev on Apr 24, 2023

Ran into the same problem, we are using node 8, can’t upgrade to new version either at least for another year.

I used this silly workaround, switch to node 12 for bower install, then change back to node 8 for gulp build:

RUN npm install
RUN npm install n -g
RUN n 12.22.9
RUN bower --allow-root install
RUN n 8.15.1
+3
hma1983 on May 10, 2023

Other solutions you might try for now are:

  • Put all dependencies in separate git repository somehow and clone them instead of running bower install
  • You can also try to disable ssl (not recommended) in .bowerrc: with { "strict-ssl": false }

In the meantime I’ll work on another solution that should fix this issue by embedding registry within Bower itself.

+3
sheerun on Apr 25, 2023

From what we have noticed, this issue seems to be happening in the servers/machines that was already performing bower commands, which has some SSL certificate caching present during the SSL handshake process. For new machines (where bower command is ran for the first time), the issue seems not present

As a temporary work around, we commented out bower command from the CI/CD process(since we do not have new packages being added at the moment) and retained a copy of the bower_components folder in the server (this is not recommended approach, but had to do this to solve a deployment blocker).

Need to find a permanant fix next day!

+3
ajayarjunan on Apr 24, 2023

bower install works for newer versions of node.

Only bower install command I execute on the newer node (for example 12), and the rest of the commands for building the project I execute on the version I need.

It worked for us.

+2
mchrapek on Apr 25, 2023

but I don’t recommend this solution, disabling SSL can be dangerous, I did this just to check if the problem is with SSL

+2
mchrapek on Apr 24, 2023

It’s true that the certificate is issued today, but its expiration date is July 23.

image

It seems to me that something wrong with the new certificate because we have the same problem:

bower angular#~1.5.0  CERT_HAS_EXPIRED Request to https://registry.bower.io/packages/angular failed: certificate has expired
+2
mchrapek on Apr 24, 2023

Having the same issue. Tried some step as below:

  1. Added “strict-ssl”: false to bowerrc file.
  2. Ran bower install.
  3. Delete downloaded bower components.
  4. Removed “strict-ssl”: false from bowerrc file.
  5. Ran bower install again.

Worked for me!!!

+1
amanneesharma on Apr 26, 2023

As @mchrapek mentioned here:- https://github.com/bower/bower/issues/2608#issuecomment-1519835378, adding "strict-ssl": false to .bowerrc file made it worked

Edit: This is not a recommended approach, but for testing only.

+1
ajayarjunan on Apr 24, 2023
Read more comments on GitHub
← bower: Update command: not working at all
vscode-as3mxml: Can't debug the application →