Skip to content
Latchkey

npm "self signed certificate in chain" in CI - Fix TLS Trust Errors

This error means npm could not verify the registry TLS certificate because the chain ends in a certificate it does not trust, usually a corporate proxy or private registry CA.

What this error means

npm install fails with self signed certificate in chain when talking to the registry. It commonly appears behind a TLS-inspecting proxy or against an internal registry using a private CA.

npm
npm ERR! code SELF_SIGNED_CERT_IN_CHAIN
npm ERR! request to https://registry.acme.internal/react failed, reason:
self signed certificate in certificate chain

Common causes

A corporate proxy or private CA is not trusted

A TLS-inspecting proxy or internal registry presents a certificate signed by a CA the runner does not have, so verification fails.

How to fix it

Trust the CA certificate

  1. Obtain the corporate or registry CA certificate.
  2. Point Node and npm at it so the chain validates.
Terminal
npm config set cafile /etc/ssl/certs/corp-ca.pem
export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/corp-ca.pem
npm ci

Avoid disabling verification

  1. Do not set strict-ssl=false as a permanent fix; it removes TLS protection.
  2. Trust the CA instead so verification still works.

How to prevent it

  • Distribute the corporate CA via NODE_EXTRA_CA_CERTS or npm cafile in your runner image, and keep TLS verification on so installs stay both working and secure.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →