Error: CERT_UNTRUSTED when using node 0.10.34

[johnywith1n]

When installing using a fresh copy of node 0.10.34 (installed via nvm), I get the following:

❯❯ npm install phantomjs                                                         ⏎ 

> phantomjs@1.9.12 install /Users/johny.lam/test/phan/node_modules/phantomjs
> node install.js

Downloading https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-macosx.zip
Saving to /var/folders/jp/2h0qb8j92zz7fjrjq5jb20r8nr05rh/T/phantomjs/phantomjs-1.9.8-macosx.zip
Receiving...

Error making request.
Error: CERT_UNTRUSTED
    at SecurePair.<anonymous> (tls.js:1381:32)
    at SecurePair.emit (events.js:92:17)
    at SecurePair.maybeInitFinished (tls.js:980:10)
    at CleartextStream.read [as _read] (tls.js:472:13)
    at CleartextStream.Readable.read (_stream_readable.js:341:10)
    at EncryptedStream.write [as _write] (tls.js:369:25)
    at doWrite (_stream_writable.js:226:10)
    at writeOrBuffer (_stream_writable.js:216:5)
    at EncryptedStream.Writable.write (_stream_writable.js:183:11)
    at write (_stream_readable.js:602:24)

Please report this full log at https://github.com/Medium/phantomjs

npm ERR! phantomjs@1.9.12 install: `node install.js`
npm ERR! Exit status 1
npm ERR! 
npm ERR! Failed at the phantomjs@1.9.12 install script.
npm ERR! This is most likely a problem with the phantomjs package,
npm ERR! not with npm itself.
npm ERR! Tell the author that this fails on your system:
npm ERR!     node install.js
npm ERR! You can get their info via:
npm ERR!     npm owner ls phantomjs
npm ERR! There is likely additional logging output above.
npm ERR! System Darwin 13.4.0
npm ERR! command "/Users/johny.lam/.nvm/v0.10.34/bin/node" "/Users/johny.lam/.nvm/v0.10.34/bin/npm" "install" "phantomjs"
npm ERR! cwd /Users/johny.lam/test/phan
npm ERR! node -v v0.10.34
npm ERR! npm -v 1.4.28
npm ERR! code ELIFECYCLE
npm ERR! not ok code 0

[johnywith1n]

The update to the root certs might have something to do with it: nodejs/node-v0.x-archive@f9456a2

[shivkumarj]

Facing a similar issue as reported by johnywith1n.

[cwphobia]

We are as well.

[nicks]

is there a bug filed upstream against node? it seems pretty bad if they break https requests to bitbucket

[nicks]

fwiw, i can confirm that this breaks with the upgrade to v0.10.34

[nicks]

i filed this as nodejs/node-v0.x-archive#8894

[nicks]

for those not following the node thread, the best workaround is to probably rollback to node v0.10.33.

node v0.10.34 contains a change to the root SSL certs that interacts badly with a bug in openssl, and breaks https on some sites. I'm not sure if they're going to rollback the cert change or try to roll forward the openssl fix.

[bennycode]

Thanks for all the communication here. I just got a new computer and was about to run my web application on a fresh system when I had the same error as described here. Downgrading node will save me lots of debugging time. Thanks! :) Got that problem with the Windows version: phantomjs-1.9.8-windows.zip.

[dandv]

Same here, breaks the build of Bootstrap Material Design.

[bennycode]

In case someone needs a download link for node 0.10.33: http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/

[meh-uk]

For what its worth I ran into this issue and I got it working by temporarily using npm set strict-ssl false before installing phantomjs, and then changing it back afterwards with npm set strict-ssl true

[jasonmayes]

+1 to this issue for npm install on Web Starter Kit:

phantomjs@1.9.12 install \GitHub\web-starter-kit\node_modules\gulp-uncss\nod
e_modules\uncss\node_modules\phantomjs
node install.js

Downloading https://bitbucket.org/ariya/phantomjs/downloads/phantomjs-1.9.8-wind
ows.zip
Saving to C:\Users\AppData\Local\Temp\phantomjs\phantomjs-1.9.8-windows.zi
p
Receiving...

Error making request.
Error: CERT_UNTRUSTED
at SecurePair. (tls.js:1381:32)
at SecurePair.emit (events.js:92:17)
at SecurePair.maybeInitFinished (tls.js:980:10)
at CleartextStream.read as _read
at CleartextStream.Readable.read (_stream_readable.js:341:10)
at EncryptedStream.write as _write
at doWrite (_stream_writable.js:226:10)
at writeOrBuffer (_stream_writable.js:216:5)
at EncryptedStream.Writable.write (_stream_writable.js:183:11)
at write (_stream_readable.js:602:24)

Please report this full log at https://github.com/Medium/phantomjs

[cburgmer]

Thanks for taking time to fix this issue. However I don't believe that turning off SSL is a good strategy. As much as I can see all updated machines will pull an uncertified version of phantomjs and execute it. This violates the assumptions of those who once checked that this module can be trusted.

I'd rather be told not to update node as long as this issue exists.

A better solution could be to allow users to turn off SSL through an option, but keeping the default situation as is.