Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Download fails when behind SSL inspection corporate proxy

See original GitHub issue

Installation fails due to UNABLE_TO_GET_ISSUER_CERT_LOCALLY. I am behind a corporate proxy that does SSL inspection (with our own certificate authority), so I am not unused to this type of error. However, I have configured npm correctly:

PS C:\Users\ltheisen\git\facility-report-viewer-ui> npm config get cafile
C:\cygwin64\etc\pki\ca-trust\extracted\pem\tls-ca-bundle.pem

Along with the proper proxy settings:

PS C:\Users\ltheisen\git\facility-report-viewer-ui> gci env: | findstr proxy
http_proxy                     http://gatekeeper-w.mitre.org:80
https_proxy                    http://gatekeeper-w.mitre.org:80
no_proxy                       .mitre.org,.portal.local,localhost,mm206678-pc,mm206678-pc.mitre.org,127.0.0.1

And it works for normal installs. It seems like your install.js respects the https_proxy environment variable, but ignores the cafile setting. I’m not really surprised as it is an npm config and your code is built to work with npm/yarn/…, but I need a way to provide your installer with my CA file.

Steps to reproduce

Tell us about your environment:

Puppeteer version: 0.13.0
Platform / OS version: Windows 10 Enterprise
URLs (if applicable):
Node.js version: v9.3.0

What steps will reproduce the problem?

Please include code that reproduces the issue.

npm install --save-dev puppeteer

What is the expected result? Puppeteer gets installed.

What happens instead?

PS C:\Users\ltheisen\git\facility-report-viewer-ui> npm install puppeteer --save-dev

> puppeteer@0.13.0 install C:\Users\ltheisen\git\facility-report-viewer-ui\node_modules\puppeteer
> node install.js

ERROR: Failed to download Chromium r515411! Set "PUPPETEER_SKIP_CHROMIUM_DOWNLOAD" env variable to skip download.
{ Error: unable to get local issuer certificate
    at TLSSocket.onConnectSecure (_tls_wrap.js:1042:34)
    at TLSSocket.emit (events.js:159:13)
    at TLSSocket._finishInit (_tls_wrap.js:639:8) code: 'UNABLE_TO_GET_ISSUER_CERT_LOCALLY' }
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! puppeteer@0.13.0 install: `node install.js`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the puppeteer@0.13.0 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

Issue Analytics

State:
Created 6 years ago
Reactions:7
Comments:5 (2 by maintainers)

Top GitHub Comments

6reactions

aslushnikovcommented, Jan 9, 2018

@lucastheisen the tip-of-tree puppeteer is published to npm as puppeteer@next. Could you please give it a try?

npm install --save puppeteer@next

0reactions

lucastheisencommented, Jan 9, 2018

@aslushnikov , it works:

PS C:\Temp\puppeteer> npm install --save puppeteer@next

> puppeteer@1.0.0-next.1515463970965 install C:\Temp\puppeteer\node_modules\puppeteer
> node install.js

Downloading Chromium r526987 - 119.9 Mb [====================] 100% 0.0s
Chromium downloaded to C:\Temp\puppeteer\node_modules\puppeteer\.local-chromium\win64-526987
npm notice created a lockfile as package-lock.json. You should commit this file.
+ puppeteer@1.0.0-next.1515463970965
added 41 packages in 13.987s

Thank you!

Top Results From Across the Web

JetBrains Toolbox does not work behind corporate proxy

My company is breaking every ssl certificates to inspect traffic for viruses. In the logs, I've found the following: DownloadAction::replySslErrors error ...

curl: (60) SSL certificate problem: when uploading behind proxy

Go to Policy > SSL Inspection. In the Intermediate Root Certificate Authority for SSL Interception section, click Download Zscaler Root ...

The Risks of SSL Inspection - SEI Blog

Some SSL-inspecting software fails to validate the certificates of systems that it connects to. In some cases, the software may attempt to ...

Dealing with SSL Authentication on a secure Corporate Network

If you are on a secure network and the proxy will not allow to install packages when SSL is enabled you will most...

Use Certificates with HTTPS Proxy Content Inspection

Create a Certificate Signing Request (CSR) from Firebox System Manager. Make sure you select Proxy Authority (re-signing CA certificate for outbound SSL/TLS ...