cli-microsoft365: Bug report: Error adding spo site
Description
Trying to script out creation of sites in SPO, get an error when running a test command from the documentation.
Steps to reproduce
Run the below command (taken directly from the documentation here):
m365 spo site add --alias team1 --title "Team 1"
Expected results
Site is created in my tenant.
Actual results
Recieve Error: Error: unable to get local issuer certificate
Diagnostics
Executing command spo site add with options {"options":{"alias":"team1","title":"Team 1","debug":true}}
No SPO URL available. Retrieving from MS Graph…
Existing access token {authtoken} still valid. Returning…
Request:
{
"headers": {
"common": {
"Accept": "application/json, text/plain, */*"
},
"delete": {},
"get": {},
"head": {},
"post": {
"Content-Type": "application/x-www-form-urlencoded"
},
"put": {
"Content-Type": "application/x-www-form-urlencoded"
},
"patch": {
"Content-Type": "application/x-www-form-urlencoded"
},
"user-agent": "NONISV|SharePointPnP|CLIMicrosoft365/5.1.0",
"accept-encoding": "gzip, deflate",
"accept": "application/json;odata.metadata=none",
"authorization": "Bearer {authtoken}"
},
"decompress": true,
"responseType": "json",
"url": "https://graph.microsoft.com/v1.0/sites/root?$select=webUrl",
"method": "get"
}
Request error: Error: Cannot convert undefined or null to object
### CLI for Microsoft 365 version
v5.1.0
### nodejs version
v16.14.2
### Operating system (environment)
Windows
### Shell
PowerShell
### cli doctor
```json
{
"os": {
"platform": "win32",
"version": "Windows 10 Enterprise",
"release": "10.0.19042"
},
"cliVersion": "5.1.0",
"nodeVersion": "v16.14.2",
"cliAadAppId": "31359c7f-bd7e-475c-86db-fdb8c937548e",
"cliAadAppTenant": "common",
"authMode": "DeviceCode",
"cliEnvironment": "",
"cliConfig": {},
"roles": [],
"scopes": [
"AllSites.FullControl",
"AppCatalog.ReadWrite.All",
"AuditLog.Read.All",
"ChannelMember.ReadWrite.All",
"ChannelMessage.Read.All",
"ChannelMessage.Send",
"ChannelSettings.ReadWrite.All",
"Chat.Read",
"Chat.ReadWrite",
"Directory.AccessAsUser.All",
"Directory.ReadWrite.All",
"Group.ReadWrite.All",
"IdentityProvider.ReadWrite.All",
"Mail.ReadWrite",
"Mail.Send",
"Place.Read.All",
"Policy.Read.All",
"Reports.Read.All",
"ServiceHealth.Read.All",
"ServiceMessage.Read.All",
"ServiceMessageViewpoint.Write",
"Tasks.ReadWrite",
"Team.Create",
"TeamMember.ReadWrite.All",
"TeamsApp.ReadWrite.All",
"TeamsAppInstallation.ReadWriteForUser",
"TeamSettings.ReadWrite.All",
"TeamsTab.ReadWrite.All",
"TermStore.ReadWrite.All",
"User.Invite.All",
"User.ReadWrite.All",
"profile",
"openid",
"email"
]
}
Additional Info
I suspect this is related:
Running: m365 site get
Response:
{
"SpoUrl": ""
}
I expected this to return the tenant url. Running this graph call returns my tenant url as expected.
GET https://graph.microsoft.com/v1.0/sites/root?$select=webUrl
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Comments: 28 (16 by maintainers)
@jacobsian-del the error you mention
Error: unable to get local issuer certificateis different from the error you mention further downError: Cannot convert undefined or null to object. Could you please run the command with the--debugoption and share with us the full output (excluding the access token of course)? Thank you, and we appreciate your help to understand what’s going on.It’s (what I assume is) a regular tenant created on my M365 developer subscription.
Not to my knowledge, kept it to the default options on creation. Where would I go to check?
Not at all, thanks for putting up with me for something I strongly suspect is going to end up being a personal problem 😃
Some preliminary findingings, but I’m on another network at another localtion today so this should make sure I have everything covered. WIll post findings later today
Yep Standard Release.
I’ve tested from the Terminal and VS Code.
The error
Error: unable to get local issuer certificateis what i get when I run the command without the--debugoption. When I run with the--debugoption I get theError: Cannot convert undefined or null to objectmessage.Running:
m365 spo site add --alias team1 --title "Team 1"Result:Error: unable to get local issuer certificateRunning:
m365 spo site add --alias team1 --title "Team 1" --debugResult:Sorry I’ve been on vacation.
Testing the command after running
m365 cli reconsentresulted in the same message as originally reported.@garrytrinder While I’m not currently on the VPN, It’s very possible something running is intercepting traffic, but I would have expected all commands making graph requests to fail no? This is first command I’ve run into this with.
@jacobsian-del are you working behind a corporate proxy?
I have seen this issue before when using Azure CLI, which is caused by the proxy intercepting the CLI’s HTTPS traffic, decrypting and re-encrypting it with its own certificate.
We do have an open issue related to Axios, which we use to execute requests from the CLI, not supporting custom certificate CAs, I think these maybe related 👉 https://github.com/pnp/cli-microsoft365/issues/2155
@appieschot that is sooo cool 🤩 @jacobsian-del may I kindly ask you to check this 👍
@Adam-it we have a
m365 reconsentcommand that allows you to make sure all permissions are in place (https://pnp.github.io/cli-microsoft365/cmd/cli/cli-reconsent/) might be a quicker way.I checked the functionality in the latest CLI version and seems to be working ok. Seems like the problem might be connected to some local settings 🤔. If the request using graph explorer works fine (and basically CLI uses the same) lets also ensure we are using the same account for the check. May I ask you to restart from scratch and do the following steps:
m365 logoutcommandm365 logincommand and be sure to approve all needed permissionsyep comes back as expected: