Skip to content

Instantly share code, notes, and snippets.

@julianlam

julianlam/nodejs-trust-caddy-certificate-authority.md

Last active July 12, 2023 18:06
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save julianlam/1cbc48911d4ee5b2b7c42364978664f5 to your computer and use it in GitHub Desktop.
Save julianlam/1cbc48911d4ee5b2b7c42364978664f5 to your computer and use it in GitHub Desktop.
Download ZIP
How to have Node.js trust Caddy self-signed certificate #blog
Raw
nodejs-trust-caddy-certificate-authority.md

Caddy has a neat feature where all routes automatically come with HTTPS enabled. Caddy achieves this by self-signing its own certificate via a certificate authority that is (or can be) added to the system CA list.

However, Node.js comes bundled with its own certificate authority list, so even if Caddy's CA is added to the system, Node won't allow it.

Here's how to allow calls to local https services served by Caddy:

  1. If needed, run caddy trust as root to install the Root CA.
  2. Run node with the environment variable NODE_EXTRA_CA_CERTS and point it to the local CA file.
    • Not sure what that is? Maybe you're on Debian or a derivative (e.g. Ubuntu, Pop!_OS, etc.): NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

That's it.

References

  1. nodejs/node#3159
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment