FIX: Self-signed certificate in certificate chain error

Vlad Turiceanu
by Vlad Turiceanu
Editor-in-Chief
0 Comments
Download PDF
Affiliate Disclosure

  • Since npm stopped automatically accepting self-signed certificates, users have started to report errors while trying to publish some packages in certain applications.
  • The error can be fixed, usually, by upgrading the package manager or use the known registrars.
  • If you want to read more about security certificate errors, take a look at our dedicated certificate errors section.
  • Feel free to explore our Troubleshooting Hub for more helpful articles.
error: self signed certificate in certificate chain

For some time now, developers encountered a SELF_SIGNED_CERT_IN_CHAIN error during installing and publishing packages in certain applications and developer tools such as Node.js, npm, or Git.

Until a few years ago, when npm for instance announced that they would no longer support self-signed certificates.

This means that the certificate verification process was no longer automatic. So developers now have to set up their application to see the self-signed certificates.


How do I fix self-signed certificate in the certificate chain?

Depending on the tool you’re using, there are a few recommendations. Some are risky, some are safe. One thing is clear, though: you should not attempt to disable the certification verification process altogether.self signed certificate in certificate chain

For Node.js

You can insert an environment variable to allow untrusted certificates using the following command at the beginning of the code:

process.env['NODE_TLS_REJECT_UNAUTHORIZED'] = 0;

This is risky and it’s not recommended to be used in production. Alternatively, use npm config set strict-ssl=false if you have to do this for many applications and you want to save repeating the process.

Users also suggest upgrading your version of Node, to fixes any existing bugs and vulnerabilities.


For npm

The recommended solution is, again, to upgrade your version of npm running one of the following:

npm install npm -g --ca=null 

npm update npm -g

Or,  tell your current version of npm to use known registrars, and after installing, stop using them:

npm config set ca ""
npm install npm -g
npm config delete ca

Some users mentioned that they only switched the registry URL from https to http:

npm config set registry="http://registry.npmjs.org/"

We hope that one of these suggestions helped you fix the problem. Should you have any recommendations, please use the comments section below.


FAQ: Read more about security certificates

  • What is a security certificate?

A security certificate is an approval from an industry-trusted third party – the certificate authority (CA). A security certificate contains information issued by a CA, indicating that the website is secured using an encrypted connection.

  • Can I trust a self-signed certificate in Chrome?

Yes, you can. Simply add the website in the list of accepted entries from the Manage Certificates menu.

  • Are security certificates frequent?

Yes, server security certificate issues are quite frequent.


Was this page helpful?
Thanks for letting us know! You can also help us by leaving a review on MyWOT or Trustpillot.
Get the most from your tech with our daily tips
Tell us why!