Http request CERT_HAS_EXPIRED, but has it?

General
1

I use an htttp request node to check if a website is up to create a "heartbeat" so I can take action if it goes down.

Currently the node has the status CERT_HAS_EXPIRED, but if I go to the web page in Google Chrome, it seems perfectly happy with the cert.

The cert was renewed on 11/23 which makes me think that's when the problem started but no clue how to troubleshoot.

2

Hi @hobbes1069,
Could it be that server certificate has been renewed, but that the root (and/or optionally the intermediate certificate) on your server has expired? Your Chrome browser will also have already its own recent version of that root CA certificate. So he is not interested in the old root cerificate that your server offers.

On the other hand the http request node probably hasn't got a recent version of that root certificate, so the node has to use the old expired root certificate that your server sends to him in the ssl handshake. So he will compkain that the root certificate is expired

Could that be possible?

If so, I think you can solve it:

  1. Best by importing a recent root certificate in the keystore of that server.
  2. If you don't own that server, I assume you can import a recent root certificate on your system where Node-RED runs, so the http request node uses that one? Not sure because I haven't used that yet...

Bart

3

You could verify it by e.g. using an openssl command that shows the certificate chain being send (e.g. here).

4

This is very interesting. This Node Red instance is running on an Opto 22 groov EPIC. I can reproduce the problem on a 2nd EPIC, but I created a new flow on a groov Rio and it works as expected...

I also had it work from a 3rd EPIC in my lab at work. It's like it's somehow caching the bad (old) cert?

5

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.