🔧 Error Fixes

SSL Certificate Problem — Fix 'Unable to Get Local Issuer Certificate'

SSL certificate problem: unable to get local issuer certificate
unable to verify the first certificate
UNABLE_TO_GET_ISSUER_CERT_LOCALLY

Your system can’t verify the SSL certificate of the server you’re connecting to. This is usually a certificate chain issue, not a security attack.

Common Causes

  1. Corporate proxy/firewall intercepting HTTPS traffic with its own certificate
  2. Outdated CA certificates on your system
  3. Self-signed certificate on the server
  4. Incomplete certificate chain — server isn’t sending intermediate certificates

Fix 1: Update CA Certificates

# Mac
brew install ca-certificates

# Ubuntu/Debian
sudo apt update && sudo apt install ca-certificates
sudo update-ca-certificates

# CentOS/RHEL
sudo yum install ca-certificates
sudo update-ca-trust

Fix 2: Corporate Proxy (Most Common in Office Environments)

Your company’s firewall replaces SSL certificates with its own. You need to add the corporate CA certificate.

Git:

# Get the corporate cert from your IT team, then:
git config --global http.sslCAInfo /path/to/corporate-cert.pem

Node.js:

export NODE_EXTRA_CA_CERTS=/path/to/corporate-cert.pem

Python:

export REQUESTS_CA_BUNDLE=/path/to/corporate-cert.pem
# or
pip install --cert /path/to/corporate-cert.pem some-package

Find the corporate cert:

# Export from your browser:
# Chrome → click lock icon → Certificate → Details → Export
# Save as .pem file

Fix 3: Git-Specific Fix

# Quick fix (use with caution)
git config --global http.sslVerify false

# Better: point to correct CA bundle
git config --global http.sslCAInfo /etc/ssl/certs/ca-certificates.crt

# Reset to default
git config --global --unset http.sslVerify

⚠️ Disabling SSL verification means you can’t detect man-in-the-middle attacks. Only do this temporarily or on trusted networks.

Fix 4: curl Fix

# Skip verification (temporary)
curl -k https://example.com

# Use specific CA bundle
curl --cacert /path/to/cert.pem https://example.com

# Update curl's CA bundle
# Mac
brew install curl

# Linux
sudo apt install ca-certificates

Fix 5: Node.js Fix

// ❌ Disables ALL certificate checking (dangerous)
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';

// ✅ Better: add your CA cert
const https = require('https');
const fs = require('fs');
const agent = new https.Agent({
  ca: fs.readFileSync('/path/to/cert.pem')
});
# Environment variable for extra CA certs
export NODE_EXTRA_CA_CERTS=/path/to/cert.pem
node app.js

Fix 6: Self-Signed Certificates (Development)

If you’re connecting to a dev server with a self-signed cert:

# Git
git -c http.sslVerify=false clone https://internal-server/repo.git

# Or add the self-signed cert to your trust store
# Mac
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain cert.pem

# Linux
sudo cp cert.pem /usr/local/share/ca-certificates/
sudo update-ca-certificates

When It’s OK to Skip Verification

  • ✅ Local development with self-signed certs
  • ✅ Temporary workaround while getting the proper cert
  • ❌ Production environments
  • ❌ Public networks
  • ❌ As a permanent solution

You might also like

HTTPS Mixed Content Error — Why Your Page Is 'Not Secure'

Your HTTPS site loads HTTP resources and the browser blocks them. Here's what mixed content is and how to fix it.

fatal: not a git repository — What It Means and How to Fix It

Getting 'fatal: not a git repository'? You're running a git command outside a repo. Here's how to fix it and avoid it in the future.

Git Detached HEAD — What It Means and How to Fix It

In 'detached HEAD' state in Git? Here's what happened, how to save your work, and how to get back to a branch.

Git Merge Conflict — How to Resolve It Step by Step

Git merge conflicts look scary but they're easy to fix. Here's a step-by-step guide with examples for every common scenario.