adobe
localhost server not coming up while doing aem up - unable to get local issuer certificate
Description While trying to bring up the aem server on localhost:3000 it gives unable to get local issuer certificate error.
To Reproduce Steps to reproduce the behavior:
- Go to the helix project directory
- Run npm install -g @adobe/aem-cli with sudo access and this works
- Run aem up
- Then it throws an error - unable to get local issuer certificate
Expected behavior Would have expected aem server to be up on localhost:3000 as mentioned.
Screenshots
Version:
run: $ hlx --version
Additional context Setting up the local AEM franklin
Hi @tripodsan - I have tried with node 18.18.2 version and the issue remains the same.
just to mention a couple of other things that we tried with @VenkatKrishnaSN before suggesting to open an issue.
We tried disabling the verification just to see if the simulator comes up:
npm config set strict-ssl false
export NODE_TLS_REJECT_UNAUTHORIZED=0
but this didn't work either.
neither:
aem up --log-level debug
aem up --log-level silly
give any extra information.
- can you start with
NODE_DEBUG='tls,https' aem up? - or would it be possible for you to debug and see where it fails?
- is there anything special about your project? that is it's github url?
- I assume you can connect to github
@tripodsan - Below is the output for the command.
- Not sure what further steps can be followed for further debugging.
- Nothing special on our project. Looks fairly straight forward. But not sure if something blocking from our end.
- Yes we are able to connect to Github
venkatkrishna.tammin@MREM2EF37E84 servicenow % NODE_DEBUG='tls,https' aem up
___ ________ ___ __ __ v16.0.5
/ | / ____/ |/ / _____(_)___ ___ __ __/ /___ _/ /_____ _____
/ /| | / __/ / /|_/ / / ___/ / __ `__ \/ / / / / __ `/ __/ __ \/ ___/
/ ___ |/ /___/ / / / (__ ) / / / / / / /_/ / / /_/ / /_/ /_/ / /
/_/ |_/_____/_/ /_/ /____/_/_/ /_/ /_/\__,_/_/\__,_/\__/\____/_/
HTTPS 84281: createConnection [Object: null prototype] {
protocol: 'https:',
hostname: 'main--servicenow--hlxsites.hlx.page',
hash: '',
search: '',
pathname: '/fstab.yaml',
path: null,
href: 'https://main--servicenow--hlxsites.hlx.page/fstab.yaml',
method: 'GET',
compress: true,
decode: true,
headers: {
host: 'main--servicenow--hlxsites.hlx.page',
'user-agent': 'adobe-fetch/4.1.1',
accept: '*/*',
'accept-encoding': 'gzip,deflate,br'
},
body: null,
follow: 20,
redirect: 'follow',
signal: null,
agent: Agent {
_events: [Object: null prototype] {
free: [Function (anonymous)],
newListener: [Function: maybeEnableKeylog]
},
_eventsCount: 2,
_maxListeners: undefined,
defaultPort: 443,
protocol: 'https:',
options: [Object: null prototype] {
keepAlive: true,
rejectUnauthorized: true,
noDelay: true,
path: null
},
requests: [Object: null prototype] {},
sockets: [Object: null prototype] {
'main--servicenow--hlxsites.hlx.page:443::::::::true:::::::::::::': []
},
freeSockets: [Object: null prototype] {},
keepAliveMsecs: 1000,
keepAlive: true,
maxSockets: Infinity,
maxFreeSockets: 256,
scheduling: 'lifo',
maxTotalSockets: Infinity,
totalSocketCount: 0,
maxCachedSessions: 100,
_sessionCache: { map: {}, list: [] },
[Symbol(kCapture)]: false
},
_defaultAgent: Agent {
_events: [Object: null prototype] {
free: [Function (anonymous)],
newListener: [Function: maybeEnableKeylog]
},
_eventsCount: 2,
_maxListeners: undefined,
defaultPort: 443,
protocol: 'https:',
options: [Object: null prototype] { noDelay: true, path: null },
requests: [Object: null prototype] {},
sockets: [Object: null prototype] {},
freeSockets: [Object: null prototype] {},
keepAliveMsecs: 1000,
keepAlive: false,
maxSockets: Infinity,
maxFreeSockets: 256,
scheduling: 'lifo',
maxTotalSockets: Infinity,
totalSocketCount: 0,
maxCachedSessions: 100,
_sessionCache: { map: {}, list: [] },
[Symbol(kCapture)]: false
},
port: 443,
host: 'main--servicenow--hlxsites.hlx.page',
keepAlive: true,
rejectUnauthorized: true,
noDelay: true,
servername: 'main--servicenow--hlxsites.hlx.page',
_agentKey: 'main--servicenow--hlxsites.hlx.page:443::::::::true:::::::::::::',
encoding: null,
keepAliveInitialDelay: 1000,
[Symbol(context)]: URLContext {
href: 'https://main--servicenow--hlxsites.hlx.page/fstab.yaml',
protocol_end: 6,
username_end: 8,
host_start: 8,
host_end: 43,
pathname_start: 43,
search_start: 4294967295,
hash_start: 4294967295,
port: 4294967295,
scheme_type: 2
}
}
TLS 84281: client _init handle? true
TLS 84281: client initRead handle? true buffered? false
TLS 84281: client _start handle? true connecting? false requestOCSP? false
TLS 84281: client onhandshakedone
TLS 84281: client _finishInit handle? true alpn false servername main--servicenow--hlxsites.hlx.page
unable to get local issuer certificate
another idea is to the openssl-ca, assuming that one works
node --use-openssl-ca /path/to/aem-cli/index.js up
you can verify the openssl ca with:
openssl s_client main--servicenow--hlxsites.hlx.page:443
Any solution found for this problem please ? I am finding the same problem with Node v22.
did you try:
openssl s_client main--servicenow--hlxsites.hlx.page:443
Yes, its giving - SSL handshake has read 4514 bytes and written 803 bytes Verification error: unable to get local issuer certificate
Early data was not sent Verify return code: 20 (unable to get local issuer certificate)
Ok this approach has worked for me on my local Windows 11 - I accessed this URL on my Chrome browser - https://admin.hlx.page/sidekick/owner-name/repo-name/github-branch-name/config.json I extracted the Base64 encoded Certificate Chain (second option on Save As dialog while Exporting certificate) as *.pem from the browser. I put it in a directory called certs under the cloned boilerplate repository folder. Then from the cloned repo folder I executed - set NODE_EXTRA_CA_CERTS=./certs/hlx.page.pem Then executed - aem up