The errors "UNABLE_TO_GET_ISSUER_CERT_LOCALLY" or "unable to get local issuer certificate" generally emerge when an SSL certificate cannot be verified or confirmed due to the lack of the issuers' CA certificates (locally). To resolve this, you would need to add the CA certificates to your account and configure npm and/or yarn to use those.

Generally, the CA certificates extracted from Mozilla should be enough, as they cover all common issuers. These can be found here: https://curl.se/docs/caextract.html

Open the SSH Console

This article presumes that you already have SSH access available, as it's usually required to manage Node.js. If not, please contact our technical support department to have SSH access enabled first.

Login via SSH to your account with your preferred SSH client (Recommended SSH Clients), or open the Terminal in cPanel.

Add the CA Certificates

In this example, we will create the folder .certs in which we'll save the CA certificates.

Create the .certs folder:

mkdir ~/.certs

Download the CA certificates file:

wget -q https://curl.haxx.se/ca/cacert.pem -O ~/.certs/cacert.pem

Updating the CA Certificates

The CA certificates need to be updated on a regular basis. You can add a cron job for the command wget -q https://curl.haxx.se/ca/cacert.pem -O ~/.certs/cacert.pem to run every month, for example. This way you'd no longer need to update the CA certificates manually.

Enter the Node.js Virtual Environment

Before you can update the npm configuration, you need to enter the virtual environment of your Node.js application. You can find the command for this in cPanel under Node.js Selector, click on the "Edit the application" button next to your application, and then you'll see the command on the next page. Copy the command and run it in the SSH console.

Update the npm Configuration

Now we need to update the npm configuration to use those certificates. For every new and existing Node.js project, you need to update the npm cafile setting with the following command:

npm config set cafile "~/.certs/cacert.pem"

Test npm

To confirm that npm actually works with the updated CA certificates:

npm ping

You should get a response similar to this:

npm notice PING https://registry.npmjs.org/
npm notice PONG 336ms

Update the yarn Configuration

If you use other package managers, such as yarn, you'd need to update their configuration as well. Simply replace npm with yarn for the above commands.

For example, for yarn the command to apply the CA certificates would be: yarn config set cafile "~/.certs/cacert.pem"

Updated by SP on 06/11/2023

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

Node.js Version Lifespan (Launch Date and End-of-Life)

You can find all current Node.js versions, the initial release dates and the planned end-of-life...