Error on rewrites to HTTPS server with self-signed certificate

[thany]

Verify canary release

• I verified that the issue exists in the latest Next.js canary release

Provide environment information

    Operating System:
      Platform: win32
      Arch: x64
      Version: Windows 10 Pro
    Binaries:
      Node: 18.13.0
      npm: N/A
      Yarn: N/A
      pnpm: N/A
    Relevant packages:
      next: 13.1.6
      eslint-config-next: 13.1.6
      react: 18.2.0
      react-dom: 18.2.0

warn  - Latest canary version not detected, detected: "13.1.6", newest: "13.1.7-canary.8".
        Please try the latest canary version (`npm install next@canary`) to confirm the issue still exists before creating a new issue.
        Read more - https://nextjs.org/docs/messages/opening-an-issue

Which area(s) of Next.js are affected? (leave empty if unsure)

Middleware / Edge (API routes, runtime)

Link to the code that reproduces this issue

N/A

To Reproduce

Add the rewrites option to next.config.js and point it to a HTTPS server that has a self-signed certificate.

Sorry, no reproduction repo. This is literally all it takes to reproduce the error. In what way you choose to set up a server with a self-signed certificate, will vary from evironment to environment. I'm sure you're able to do it 😉

Describe the Bug

Error in the CLI:

error - Error: self-signed certificate
    at TLSSocket.onConnectSecure (node:_tls_wrap:1545:34)
    at TLSSocket.emit (node:events:513:28)
    at TLSSocket._finishInit (node:_tls_wrap:959:8)
    at ssl.onhandshakedone (node:_tls_wrap:743:12) {
  code: 'DEPTH_ZERO_SELF_SIGNED_CERT'

This is with NODE_TLS_REJECT_UNAUTHORIZED=0 already set.

Expected Behavior

On a development environment I don't give a fluff about certificates. I just need stuff to work. Ignore certificates, ignore their errors, and just carry on. No error, just "do it".

There is no option anywhere to be found to forcibly ignore any errors and just let it carry on. On a development pc, this is perfectly reasonable. And before you start arguing: it is perfectly reasonable. Your development team might not agree, but mine does, so if you have whatever workaround, good for you, but I need an actual solution.

I'm not going to import certificate files into an environment variable either. That too, is a workaround, and a pretty rough one at that, as it's different on each developer's pc. This totally flushes away the paradigm of "pull, install packages, run".

I promise to not ignore certificate problems on production 😘

Which browser are you using? (if relevant)

Firefox 109

How are you deploying your application? (if relevant)

Not yet at all, still in POC phase

[github-actions]

We cannot recreate the issue with the provided information. Please add a reproduction in order for us to be able to investigate.

Why was this issue marked with the please add a complete reproduction label?

To be able to investigate, we need access to a reproduction to identify what triggered the issue. We prefer a link to a public GitHub repository (template), but you can also use a tool like CodeSandbox or StackBlitz.

To make sure the issue is resolved as quickly as possible, please make sure that the reproduction is as minimal as possible. This means that you should remove unnecessary code, files, and dependencies that do not contribute to the issue.

Please test your reproduction against the latest version of Next.js (next@canary) to make sure your issue has not already been fixed.

I added a link, why was it still marked?

Ensure the link is pointing to a codebase that is accessible (e.g. not a private repository). "example.com", "n/a", "will add later", etc. are not acceptable links -- we need to see a public codebase. See the above section for accepted links.

What happens if I don't provide a sufficient minimal reproduction?

Issues with the please add a complete reproduction label that receives no meaningful activity (e.g. new comments with a reproduction link) are automatically closed and locked after 30 days.

If your issue has not been resolved in that time and it has been closed/locked, please open a new issue with the required reproduction.

I did not open this issue, but it is relevant to me, what can I do to help?

Anyone experiencing the same issue is welcome to provide a minimal reproduction following the above steps. Furthermore, you can upvote the issue using the 👍 reaction on the topmost comment (please do not comment "I have the same issue" without reproduction steps). Then, we can sort issues by votes to prioritize.

I think my reproduction is good enough, why aren't you looking into it quicker?

We look into every Next.js issue and constantly monitor open issues for new comments.

However, sometimes we might miss one or two due to the popularity/high traffic of the repository. We apologize, and kindly ask you to refrain from tagging core maintainers, as that will usually not result in increased priority.

Upvoting issues to show your interest will help us prioritize and address them as quickly as possible. That said, every issue is important to us, and if an issue gets closed by accident, we encourage you to open a new one linking to the old issue and we will look into it.

Useful Resources

• How to Contribute to Open Source (Next.js)
• How to create a Minimal, Complete, and Verifiable example
• Reporting a Next.js bug
• Next.js Triaging issues

[thany]

We cannot recreate the issue with the provided information. Please add a reproduction in order for us to be able to investigate.

Did you try with IIS and a self-signed certificate? That's the key factor. And that's exactly what no amount of reproduction repro's can provide. You can only ever hope to configure this locally.

[seyoon20087]

I have tried creating a minimal reproduction. Some folks might want to try this:
https://github.com/seyoon20087/next-proxy-self-signed-certificate-error-reproduction

Note that this is a custom server with express configured

[thany]

Ah, so whether it be IIS or not, makes no difference? Then I stand corrected.

I was thinking about a repro as close to my config as possible, which cannot be provided as IIS needs to be installed/enabled locally. And it requires Windows.

[seyoon20087]

Ah, so whether it be IIS or not, makes no difference? Then I stand corrected.

I was thinking about a repro as close to my config as possible, which cannot be provided as IIS needs to be installed/enabled locally. And it requires Windows.

Whether or not you're using IIS the result is the same

[seyoon20087]

/cc @balazsorban44 @hanneslund @jankaifer @huozhi @feedthejim @ijjk @gnoff @sebmarkbage @shuding @styfle @timneutkens @wyattjoh
can you take a look at my reproduction please ? https://github.com/seyoon20087/next-proxy-self-signed-certificate-error-reproduction

[balazsorban44]

@seyoon20087 please don't mass tag maintainers as already mentioned in #45743 (comment)

Thanks for the reproduction though, we will have a look. 👍

[seyoon20087]

bump

[balazsorban44]

This issue has been automatically closed because it received no activity for a month and had no reproduction to investigate. If you think it was closed by accident, please leave a comment. If you are running into a similar issue, please open a new issue with a reproduction. Thank you.