npm "self signed certificate in chain" in CI - Fix TLS Trust Errors
This error means npm could not verify the registry TLS certificate because the chain ends in a certificate it does not trust, usually a corporate proxy or private registry CA.
What this error means
npm install fails with self signed certificate in chain when talking to the registry. It commonly appears behind a TLS-inspecting proxy or against an internal registry using a private CA.
npm
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN
npm ERR! request to https://registry.acme.internal/react failed, reason:
self signed certificate in certificate chainCommon causes
A corporate proxy or private CA is not trusted
A TLS-inspecting proxy or internal registry presents a certificate signed by a CA the runner does not have, so verification fails.
How to fix it
Trust the CA certificate
- Obtain the corporate or registry CA certificate.
- Point Node and npm at it so the chain validates.
Terminal
npm config set cafile /etc/ssl/certs/corp-ca.pem
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/corp-ca.pem
npm ciAvoid disabling verification
- Do not set strict-ssl=false as a permanent fix; it removes TLS protection.
- Trust the CA instead so verification still works.
How to prevent it
- Distribute the corporate CA via NODE_EXTRA_CA_CERTS or npm cafile in your runner image, and keep TLS verification on so installs stay both working and secure.
Related guides
npm "self-signed certificate in certificate chain" - Fix in CIFix npm "self-signed certificate in certificate chain" / UNABLE_TO_GET_ISSUER_CERT_LOCALLY in CI behind a TLS…
Node.js "self signed certificate in certificate chain" - Fix TLS in CIFix Node.js / npm "self signed certificate in certificate chain" in CI - caused by a TLS-intercepting proxy.…
Node.js "unable to verify the first certificate" - Fix Incomplete ChainsFix Node.js / npm "unable to verify the first certificate" (UNABLE_TO_VERIFY_LEAF_SIGNATURE) in CI - a server…