registry.npmjs.org certification invalid?

registry
triaged

(Hazmi35) #1

npm WARN registry Unexpected warning for https://registry.npmjs.org/: Miscellaneous Warning undefined: request to https://registry.npmjs.org/snekfetch failed, reason: Hostname/IP doesn’t match certificate’s altnames: “Host: registry.npmjs.org. is not in the cert’s altnames: DNS:a.sni.fastly.net, DNS:a.sni.global-ssl.fastly.net”
npm WARN registry Using stale package data from https://registry.npmjs.org/ due to a request error during revalidation.

When i open https://registry.npmjs.org in my browser it gives this :
NET::ERR_CERT_COMMON_NAME_INVALID


(Stradivario) #2

Registry is unusable… having the same issue

Fastly error: unknown domain. Please check that this domain has been added to a service.

npm verb node v8.9.4
npm verb npm  v6.2.0
npm ERR! request to https://registry.npmjs.org/-/v1/login failed, reason: Hostname/IP doesn't match certificate's altnames: "Host: registry.npmjs.org. is not in the cert's altnames: DNS:a.sni.fastly.net, DNS:a.sni.global-ssl.fastly.net"
npm verb exit [ 1, true ]
npm timing npm Completed in 750ms

(Brian Graham) #3

Also having this issue:

~$ curl -v https://registry.npmjs.org
* Rebuilt URL to: https://registry.npmjs.org/
*   Trying 151.101.12.162...
* TCP_NODELAY set
* Connected to registry.npmjs.org (151.101.12.162) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=San Francisco; O=Fastly, Inc.; CN=a.sni.fastly.net
*  start date: Jul  9 18:51:07 2018 GMT
*  expire date: Jul  9 18:51:07 2020 GMT
*  subjectAltName does not match registry.npmjs.org
* SSL: no alternative certificate subject name matches target host name 'registry.npmjs.org'
* stopped the pause stream!
* Closing connection 0
* TLSv1.2 (OUT), TLS alert, Client hello (1):
curl: (51) SSL: no alternative certificate subject name matches target host name 'registry.npmjs.org'

Works fine on ´www´ and ´status´ subdomains but those certificates are issued by “Dogwood” and “DigiCert”.

Registry subdomain certificate claims to be issued to ´a.sni.fastly.net´ and “GlobalSign”.

edit: I guess the cache service they use (or the way NPM uses it) broke something? https://status.npmjs.org/

If you change DNS providers (to cloudflare or something) it will work.


(Dawid Kurzyniec) #4

This is also affecting deployments on Google Cloud Functions.


(Hambra) #5

the same thing here, i tried to use an other registry to keep working, but some dependencies have reference to registry.npmjs.org


(Chris Harvey) #6

Had this problem for the last couple of hours. Not got too much into the certificate problem but a fix for me was to change Internet providers… from (here in the UK) BT to EE and my npm install worked ok from https://registry.npmjs.org/


(Hazmi35) #7

https://registry.npmjs.org seems to be working again


(system) #8

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.