We had a perfectly working flow(in test) until last month when corporate issued us a new cert for our test server. Our prod will still be using a public cert until it expires.
Now that we're having this issue, we're suspecting that it's because the newly issued cert is a self signed cert while the one we had when our flow was still working was a public cert.
Can anyone confirm whether there is actually a limitation in node-red caused by the type of cert being used?
I don't believe that Node-RED has any such limitations. However, browsers can certainly not be happy about invalid or local certs (one's not certified by a public CA).
It does, the http request node used to have an option to ignore cert issues, not sure why this was removed. Now you need to inject rejectUnauthorized:false to skip verification. See the payload options in the help tab.