devnull.land

Miscellaneous bits and bobs from the tech world

---

How to have Node.js trust Caddy self-signed certificate

7/12/2023, 1:40:51 PM

---

Caddy has a neat feature where all routes automatically come with HTTPS enabled. Caddy achieves this by self-signing its own certificate via a certificate authority that is (or can be) added to the system CA list.

However, Node.js comes bundled with its own certificate authority list, so even if Caddy's CA is added to the system, Node won't allow it.

Here's how to allow calls to local https services served by Caddy:

1. If needed, run caddy trust as root to install the Root CA.
2. Run node with the environment variable NODE_EXTRA_CA_CERTS and point it to the local CA file.
   • Not sure what that is? Maybe you're on Debian or a derivative (e.g. Ubuntu, Pop!_OS, etc.): NODE_EXTRA_CA_CERTS=/etc/ssl/certs/ca-certificates.crt

That's it.

References

1. https://github.com/nodejs/node/issues/3159