AI Diagnostic Summary

Error: SELF_SIGNED_CERT_IN_CHAIN

Well-Documented Error

This error matches known, documented patterns with reliable solutions.

Quick Fix (Most Common Solution)

Seeing "Error: SELF_SIGNED_CERT_IN_CHAIN"? This error can be frustrating, but it's usually fixable. It typically affects your development workflow or system. Below you'll find clear, step-by-step solutions to resolve this issue.

High confidence
What This Error Means

The server is using a self-signed certificate that Node.js does not trust.

Frequently documented in developer and vendor support forums.

Based on documented solutions and common real-world fixes.
Not affiliated with browser, OS, or device manufacturers.

New here? Learn why exact error messages matter →

Common Causes
  • Development server with self-signed cert
  • Corporate proxy with custom CA
  • Missing CA certificates
How to Fix
  1. Add custom CA to Node.js
  2. Set NODE_TLS_REJECT_UNAUTHORIZED=0 (dev only)
  3. Use proper SSL certificate

Last reviewed: April 2026 How we review solutions

Environment Differences

Corporate TLS Inspection Creates Self-Signed Certificate Errors

Self-signed certificate errors in Node.js are nearly always environment-specific: local development works, but CI servers or corporate laptops fail. The most common cause is a TLS-inspecting proxy — tools like ZScaler, BlueCoat, or Cisco Umbrella sit between the Node process and the internet, decrypting HTTPS traffic and re-signing it with their own corporate root certificate. From Node's perspective, every HTTPS connection presents a certificate not in Node's built-in CA bundle (which bundles Mozilla's trusted root list). The correct fix is to add the corporate root certificate to Node's trusted bundle via NODE_EXTRA_CA_CERTS=/path/to/corporate-cert.pem. This tells Node to trust that certificate authority in addition to the built-in ones. The certificate file should be PEM-encoded, obtainable from your IT team or by running openssl s_client -connect registry.npmjs.org:443 -showcerts through the proxy and extracting the intermediate CA certificate from the output. Setting NODE_TLS_REJECT_UNAUTHORIZED=0 is widely suggested online but creates a serious security risk: it disables ALL certificate validation, making the connection vulnerable to real man-in-the-middle attacks. Restrict this to isolated local development containers that never handle sensitive data and never use it in CI or production. On AWS services, the AWS SDK trusts the bundled Mozilla CA set by default, which bypasses corporate proxy certificate issues for AWS API calls.

Need reliable hosting?

DigitalOcean offers simple cloud infrastructure with $200 free credit for new users.

Try DigitalOcean →

We may earn a commission from tools recommended in our fixes.

Optional follow-up

Some users ask whether saving fixes for recurring errors would be useful when the same issue appears again.

Was this explanation helpful?

Explanations are based on documented fixes, real-world reports, and common system behavior. GetErrorHelp is independent and not affiliated with software vendors, device manufacturers, or service providers.
Frequently Asked Questions

Is disabling TLS check safe?

Only for development - never disable in production.

How do I add custom CA?

Use NODE_EXTRA_CA_CERTS environment variable.

Related Resources

Also Known As

Common Search Variations

Related Errors

Related Checks

Similar Errors

More Node.js Errors Errors

Browse all Node.js Errors errors →

Security Awareness

Not all error messages are what they seem. Learn to identify scams:

Trending This Week

See what errors others are searching for right now.

View trending errors →

Still Stuck?

Paste a different error message or upload a screenshot to get help instantly.

Solutions are based on commonly documented fixes and may not apply in all situations.