Question

Getting the [ERR_TLS_CERT_ALRTNAME_INVALID] error when trying to do POST request

Posted January 18, 2020 341 views
Node.js

I upgraded nodejs to LTS version 12.14.1, this version has a more strict SSL control which i cannot pass when attempting to make a POST request.

The POST request:

function PostReq() {

    let chunks = [], resData = '';

    const postData = decodeURIComponent(qs.stringify({
        property1: 'value1',
        property2: 'value2'
    }));

    const options = {
        headers: {
            host: 'api.example.com',
            path: '/endpoint/base/resource',
            port: 443,
            method: 'POST',
            'Content-Type': 'application/x-www-form-urlencoded;',
            'Content-Length': Buffer.byteLength(postData),
        }
    };


    const reqPost = https.request(options, (res) => {

        res.setEncoding('utf8');
        if (res.statusCode === 200) {
            console.log('got successfull http response');

            res.on('data', (chunk) => {
                console.log('getting chunks...');
                chunks.push(chunk);
            });

            res.on('end', () => {
                resData = Buffer.concat(chunks).toString();
                console.log('response body data: ', resData);
            });
        } else {
            console.error('received http status code: ', res.Statuscode);
        }
    });

    reqPost.write(postData);

    reqPost.on('error', (err) => {
        console.error('HubSpot API Oauth error: ', err);
    });

    reqPost.end();
}
PostReq();

Error message:

Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: api.example.com. is not in the cert's altnames: mydomain.com, DNS:www.mydomain.com
    at Object.checkServerIdentity (tls.js:283:12)
    at TLSSocket.onConnectSecure (_tls_wrap.js:1331:27)
    at TLSSocket.emit (events.js:223:5)
    at TLSSocket._finishInit (_tls_wrap.js:794:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:608:12) {
  reason: "Host: api.example.com. is not in the cert's altnames: mydomain.com, DNS:www.mydomain.com"

The stack:

  • nodejs
  • expressjs
  • nginx
  • nginx proxy
  • free letsencrypt ssl

Ive tried setting the NPM configuration setting ssl-strict to false but it didnt help. There is an solution that probably works, which is setting rejectUnauthorized value to false in the tls.connect() parameter but this causes serios security issues which im trying to avoid so id be grateful if anyone knows about a solution.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Ive tried with Ubuntu’s LTS version of nodejs which is < 8 and it gave me the same error, so nodejs version is irelevant. I tried doing the request in curl and it worked fine so the issue is within nodejs.

SOLVED.

I did a pretty obvious mistake in my code above, i added all the options properties in the headers object.

What i did:

const options = {
    headers: {
        host: 'api.example.com',
        path: '/base',
        port: 443,
        method: 'POST',
        'Content-Type': 'application/x-www-form-urlencoded;',
        'Content-Length': Buffer.byteLength(postData),
    }
};

What i should have done (the correct way):

const options = {
    host: 'api.example.com',
    path: '/base',
    port: 443,
    method: 'POST',
    headers: {
        'Content-Type': 'application/x-www-form-urlencoded;',
        'Content-Length': Buffer.byteLength(postData)
    }
};

So if you are getting this issue, double check your code formatting, sometimes the issue is just an simple flaw!

Submit an Answer