Https:// - certificate has expired

Hi there,

I’m experiencing a weird error on one of my sites. When building it suddenly throws this error. It’s from gatsby-source-datocms. Is this something you have seen before or have any idea why it’s coming? It started today and the site has been live and working (and getting updated without issues for 3-4 years).

7:44:55 PM: FetchError: request to[limit]=500 failed, reason: certificate has expired
7:44:55 PM:
7:44:55 PM: - index.js:133 ClientRequest.
7:44:55 PM: [repo]/[node-fetch]/index.js:133:11
7:44:55 PM:
7:44:55 PM: - destroy.js:64 emitErrorNT
7:44:55 PM: internal/streams/destroy.js:64:8

hello @anders unfortunately this is due to a root certificate of Let’s Encrypt expiring. This means that if you are building your site on an old system with old root CAs then you’ll detect our certificate as expired, while it’s not the case.

Depending on where you are building I would recommend you to update your underlying OS as it might be the cause of your problems.

Hope this helps!

Thanks for this.

It is with netlify - should I just change the os on the build machine to something newer?

Yes, and also probably NodeJS version, if it’s an old project.

Ugh - I can’t really do that (without spending a lot of time upgrading packages). Why is this happening all of a sudden? Are there other ways to fix it?

FWIW this isn’t really a Dato glitch. It’s a LetsEncrypt thing: DST Root CA X3 Expiration (September 2021) - Let's Encrypt

Can you reach out to Netlify support and ask about their cert chain? I had a similar problem on my build machines but they resolved themselves in a few hours, but we use Vercel. Somebody somewhere has to keep updating all the certs periodically (usually handled by the OS or devops of your deployment company), and it really shouldn’t be you… unless you like doing that sort of thing.

In this case the reach was just quite wide because it was LetsEncrypt, which has the unfortunate combination of being free, popular, and implemented in different ways across different hosts and OSes.

(Edit: to be clear, what expired wasn’t the particular cert issued to Dato, but something higher up the chain of trust, at the CA level)


Yeah I found out as well… I tried upgrading my machine in Netlify but it didn’t do anything. I can’t find anything about NodeJS issues anywhere.

I’ll try to reach out to netlify.

thank you @roger !

@anders if you want you can invite me ( to your Netlify project and I can have a look. Also if you invite me in your Github (maybe?) repo I can try to help, I’m matjack1 there.

@anders I can confirm it’s Node v8 the problem. You can try just switching to v10 and see if the build still works. The cert problem is fixed there.

Easier said than done unfortunately (for me). It’s an old and somewhat unmaintained solution and messing with Node version brings out a lot of other issues to the table. I’ll look into it. You have access to the netlify now. Let me know if you don’t need it anyway.

I got it to work now. Had to do some manual updating of yarn.lock resolves… yuck

1 Like