Axios self-signed certificate errors occur when your application encounters untrusted SSL certificates during API requests. You can fix these errors using two main methods. The first method is to set the ‘rejectUnauthorized’ option to false in your Axios configuration. The second method involves adding a valid SSL certificate to your server. For Node.js applications, you can use the NODE_TLS_REJECT_UNAUTHORIZED=0 environment variable, but this should only be used in development. In production environments, always use proper SSL certificates to maintain security. These solutions will resolve the certificate verification issues in your Axios requests.
Why Does Axios Block Self-Signed Certificates?
Axios relies on Node.js’s https module, which enforces strict SSL certificate validation. When a server uses a self-signed certificate (not issued by a trusted Certificate Authority like Let’s Encrypt), Node.js throws:
AxiosError: self signed certificate in certificate chain
Error: unable to verify the first certificate
Why Do Axios Self-Signed Certificate Errors Occur?
- Local development servers (HTTPS-enabled APIs)
- Internal tools with self-signed certs
- Staging environments without CA-signed certificates
How Can I Temporarily Fix Axios SSL Errors in Development?
Disable SSL Verification (Temporary Workaround)
If you need a quick solution for local testing, you can bypass certificate validation:
const https = require('https');
const axios = require('axios');
const agent = new https.Agent({
rejectUnauthorized: false // ⚠️ Disables SSL verification
});
axios.get('https://your-api.com', { httpsAgent: agent })
.then(response => console.log(response.data))
.catch(error => console.error(error));
⚠️ Warning: Never use this in production! It makes your app vulnerable to man-in-the-middle attacks (MITM attacks).
Catch & Handle the Error Gracefully
Instead of disabling all SSL checks, you can catch the specific error:
axios.get('https://your-api.com')
.catch(error => {
if (error.code === 'DEPTH_ZERO_SELF_SIGNED_CERT') {
console.log("Self-signed certificate detected. Falling back to insecure mode.");
const insecureAgent = new https.Agent({ rejectUnauthorized: false });
return axios.get('https://your-api.com', { httpsAgent: insecureAgent });
}
throw error;
});How to Fix Axios SSL Errors in Production?
1. Add the Self-Signed Certificate to the Trust Store
The correct way to fix axios self signed certificate in certificate chain errors is to trust the certificate explicitly:
const fs = require('fs');
const https = require('https');
const axios = require('axios');
const cert = fs.readFileSync('./path/to/your-cert.pem');
const agent = new https.Agent({
ca: cert // Trusts your self-signed certificate
});
axios.get('https://your-api.com', { httpsAgent: agent });
2. Use a Proper CA-Signed Certificate (Recommended)
For production, avoid self-signed certificates entirely:
- Free Option: Use Let’s Encrypt
- Paid Option: Buy from DigiCert, Comodo, etc.
sudo certbot certonly --standalone -d yourdomain.com
How Do I Fix These Errors in Different Environments?
1. Fixing in React/Vite
If you’re using React/Vite and seeing axios self signed certificate errors, configure a proxy in vite.config.js:
export default defineConfig({
server: {
proxy: {
'/api': {
target: 'https://your-api.com',
changeOrigin: true,
secure: false // Only for development!
}
}
}
});
2. Fixing in Docker Containers
If running in Docker, add the certificate to the container’s trust store:
COPY ./your-cert.pem /usr/local/share/ca-certificates/ RUN update-ca-certificates
3. Fixing in Node.js HTTPS Server
If you’re creating a server with a self-signed cert:
const https = require('https');
const fs = require('fs');
const options = {
key: fs.readFileSync('key.pem'),
cert: fs.readFileSync('cert.pem')
};
https.createServer(options, (req, res) => {
res.end("Hello, secure world!");
}).listen(443);
Final Thoughts
The solution to Axios self-signed certificate errors depends on your security needs which should guide your choice of appropriate solution. The problem requires a solution that involves configuring Axios to trust specific certificates or updating your backend with valid SSL certificates or bypassing SSL checks only for testing purposes without compromising security. These steps enable you to keep your API communication running smoothly while protecting your applications. Security measures protect systems which become reliable through proper implementation.
Frequently Asked Questions (FAQs)
What causes self-signed certificate errors in Axios?
Self-signed certificate errors occur when Axios encounters an SSL certificate not issued by a trusted Certificate Authority. The application rejects these certificates as potentially unsafe, causing connection failures.
How do I bypass SSL certificate verification in Axios?
Developers can set the ‘rejectUnauthorized’ option to false in Axios configuration. Add { httpsAgent: new https.Agent({ rejectUnauthorized: false }) } to your Axios request options.
Is it safe to disable SSL verification in Axios?
Disabling SSL verification creates security risks. This approach should only be used in development environments or trusted internal networks. Production environments require valid SSL certificates.
How do I add a custom certificate authority to Axios?
Developers can add custom certificates using the ca option in Axios configuration. Import the certificate file and pass it to the httpsAgent configuration using fs.readFileSync().
Why does Axios show UNABLE_TO_VERIFY_LEAF_SIGNATURE error?
This error appears when Axios cannot verify the SSL certificate chain. The server’s certificate is either self-signed or missing intermediate certificates needed for validation.
How do I fix Axios certificate errors in Node.js?
Set NODE_TLS_REJECT_UNAUTHORIZED=0 as an environment variable or configure Axios with proper SSL certificates. Use valid certificates in production for secure connections.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
