Describe the issue/error/question

Local dev environment, talking to a dev system running on localhost with a self-signed certificate.
http-request returns DEPTH_ZERO_SELF_SIGNED_CERT
I tried the flag ignore SSL errors - no effect

What is the error message (if any)?


Hello @Martin_Forster, welcome to community!

Could you please provide a screenshot with the error? I tried just now, and it works just fine: Imgur: The magic of the Internet

If you are Linux user, you could try to make curl command and import those command when you are sure it works:

Also, something what coming to my mind is localhost, could you let us know what address are you using? I am not sure how it works exactly but in some cases localhost,, and 192.168.x.x are not same addresses.
So you could try each of address, the last one you need to check your local machine address:

  • on Windows click window key + R, and type cmd, then run ipconfig /all the IP will be start with 192.168.
  • on Linux: type this in command line ip addr | grep -E "192\.168\."

Please have a look those posts, that might be helpful:

Also, can you provide:

  • n8n version
  • n8n instance (desktop, docker, npm etc.)

Hope that will help,

1 Like

we use the hostname app.localdomain which is a entry in the hosts file, pointing to

n8n instance is npm
n8n version = “n8n-core”: “0.125.0”,

Ok, could you share request node code, please?

its the n8n core node http request

Yes, I understand, I mean could you share the workflow?

its just this one node, we try to get aoth2 running, then improve it with a custom token_exchange to allow impersonation.

console log with debug:

2022-11-08T14:30:38.839Z | debug    | Request proxied to Axios failed "{\n  error: Error: Request failed with status code 401\n      at createError (C:\\Users\\username\\AppData\\Roaming\\npm\\node_modules\\n8n\\node_modules\\axios\\lib\\core\\createError.js:16:15)\n      at settle (C:\\Users\\username\\AppData\\Roaming\\npm\\node_modules\\n8n\\node_modules\\axios\\lib\\core\\settle.js:17:12)\n      at IncomingMessage.handleStreamEnd (C:\\Users\\username\\AppData\\Roaming\\npm\\node_modules\\n8n\\node_modules\\axios\\lib\\adapters\\http.js:269:11)\n      at IncomingMessage.emit (node:events:532:35)\n      at endReadableNT (node:internal/streams/readable:1346:12)\n      at processTicksAndRejections (node:internal/process/task_queues:83:21) {\n    config: {\n      url: 'https://app.localdomain:5000/api/v1/employees',\n      method: 'get',\n      headers: [Object],\n      transformRequest: [Array],\n      transformResponse: [Function (anonymous)],\n      paramsSerializer: [Function (anonymous)],\n      timeout: 3600000,\n      adapter: [Function: httpAdapter],\n      responseType: 'arraybuffer',\n      xsrfCookieName: 'XSRF-TOKEN',\n      xsrfHeaderName: 'X-XSRF-TOKEN',\n      maxContentLength: Infinity,\n      maxBodyLength: Infinity,\n      httpsAgent: [Agent],\n      validateStatus: [Function: validateStatus],\n      transitional: [Object],\n      'axios-retry': [Object],\n      data: undefined\n   
 },\n    request: ClientRequest {\n      _events: [Object: null prototype],\n      _eventsCount: 7,\n      _maxListeners: undefined,\n      outputData: [],\n      outputSize: 0,\n      writable: true,\n      destroyed: false,\n      _last: true,\n      chunkedEncoding: false,\n      shouldKeepAlive: false,\n      maxRequestsOnConnectionReached: false,\n      _defaultKeepAlive: true,\n      useChunkedEncodingByDefault: false,\n      sendDate: false,\n      _removedConnection: false,\n      _removedContLen: false,\n      _removedTE: false,\n      _contentLength: 0,\n      _hasBody: true,\n      _trailer: '',\n      finished: true,\n      _headerSent: true,\n      _closed: false,\n      socket: [TLSSocket],\n      _header: 'GET /api/v1/employees HTTP/1.1\\r\\n' +\n        'Accept: application/json,text/html,application/xhtml+xml,application/xml,text/*;q=0.9, image/*;q=0.8, */*;q=0.7\\r\\n' +\n        'Authorization: Bearer xh5dhOPOiw5SX7F7vfN2YbDrPe186WieckQ3X8gBIZ\\r\\n' +\n        'User-Agent: axios/0.21.4\\r\\n' +\n        'Host: app.localdomain:5000\\r\\n' +\n        'Connection: close\\r\\n' +\n        '\\r\\n',\n      _keepAliveTimeout: 0,\n      _onPendingData: [Function: nop],\n      agent: [Agent],\n      socketPath: undefined,\n      method: 'GET',\n      maxHeaderSize: undefined,\n      insecureHTTPParser: undefined,\n      path: '/api/v1/employees',\n      _ended: true,\n      res: [IncomingMessage],\n      aborted: false,\n      timeoutCb: null,\n      upgradeOrConnect: false,\n      parser: null,\n      maxHeadersCount: null,\n      reusedSocket: false,\n      host: 'app.localdomain',\n      protocol: 'https:',\n      _redirectable: [Writable],\n      [Symbol(kCapture)]: false,\n      [Symbol(kNeedDrain)]: false,\n      [Symbol(corked)]: 0,\n      [Symbol(kOutHeaders)]: [Object: null prototype]\n    },\n    response: {\n      status: 401,\n      statusText: 'UNAUTHORIZED',\n    
  headers: [Object],\n      config: [Object],\n      request: [ClientRequest],\n      data: <Buffer 7b 22 6d 65 73 73 61 67 65 22 3a 20 6e 75 6c 6c 7d 0a>\n    },\n    isAxiosError: true,\n    toJSON: [Function: toJSON]\n  },\n  file: 'NodeExecuteFunctions.js'\n}"
2022-11-08T14:30:38.846Z | debug    | OAuth2 token for "oAuth2Api" used by node "HTTP Request" expired. Should revalidate. "{ file: 'NodeExecuteFunctions.js' }"
2022-11-08T14:30:39.031Z | debug    | Running node "HTTP Request" finished with error "{ node: 'HTTP Request', workflowId: '1', file: 'WorkflowExecute.js' }"
2022-11-08T14:30:39.036Z | debug    | Received child process message of type processHook for execution ID 42. "{ executionId: '42', file: 'WorkflowRunner.js' }"
2022-11-08T14:30:39.038Z | debug    | Executing hook on node "HTTP Request" (hookFunctionsPush) "{\n  executionId: '42',\n  sessionId: '68nmvpzta3',\n  workflowId: '1',\n  file: 'WorkflowExecuteAdditionalData.js',\n  function: 'nodeExecuteAfter'\n}"
2022-11-08T14:30:39.039Z | debug    | Send data of type "nodeExecuteAfter" to editor-UI "{\n  dataType: 'nodeExecuteAfter',\n  sessionId: '68nmvpzta3',\n  file: 'Push.js',\n  function: 'send'\n}"
2022-11-08T14:30:39.037Z | verbose  | Workflow execution finished with error "{\n  error: {\n    context: {},\n    name: 'NodeApiError',\n    cause: {\n      status: 'rejected',\n      reason: ConnectionError: Unable to connect to app.localdomain:5000\n          at TLSSocket.onError (C:\\Users\\username\\AppData\\Roaming\\npm\\node_modules\\n8n\\node_modules\\popsicle-transport-http\\src\\index.ts:973:13)\n          at Object.onceWrapper (node:events:640:26)\n        
  at TLSSocket.emit (node:events:532:35)\n          at emitErrorNT (node:internal/streams/destroy:157:8)\n          at emitErrorCloseNT (node:internal/streams/destroy:122:3)\n          at processTicksAndRejections (node:internal/process/task_queues:83:21) {\n        request: Request {\n          '$rawBody': 'grant_type=client_credentials&scope=profile',\n          url: 'https://app.localdomain:5000/api/v1/oauth/token',\n          method: 'POST',\n          signal: Signal { _: [], '$': [Object: null prototype], aborted: false },\n          headers: Headers { object: [Object: null prototype] },\n          trailer: Promise { [Headers] }\n        },\n        code: 'EUNAVAILABLE',\n        [cause]: Error: self signed certificate\n            at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)\n            at TLSSocket.emit (node:events:520:28)\n            at TLSSocket._finishInit (node:_tls_wrap:944:8)\n            at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {\n          code: 'DEPTH_ZERO_SELF_SIGNED_CERT'\n        }\n      }\n      \n      The following exception was the direct cause of the above exception:\n      \n      Error: self signed certificate\n          at TLSSocket.onConnectSecure (node:_tls_wrap:1530:34)\n          at TLSSocket.emit (node:events:520:28)\n          at TLSSocket._finishInit (node:_tls_wrap:944:8)\n          at TLSWrap.ssl.onhandshakedone (node:_tls_wrap:725:12) {\n        code: 'DEPTH_ZERO_SELF_SIGNED_CERT'\n      }\n    },\n    timestamp: 1667917838937,\n    node: {\n      parameters: [Object],\n      id: '6f78cef7-19d8-4905-953b-76fd65d69578',\n      name: 'HTTP Request',\n      type: 'n8n-nodes-base.httpRequest',\n  
    typeVersion: 3,\n      position: [Array],\n      credentials: [Object]\n    },\n    httpCode: 'rejected',\n    message: 'UNKNOWN ERROR - check the detailed error for more information',\n    description: 'self signed certificate',\n    stack: 'NodeApiError: UNKNOWN ERROR - check the detailed error for more information\\n' +\n      '    at Object.execute (C:\\\\Users\\\\username\\\\AppData\\\\Roaming\\\\npm\\\\node_modules\\\\n8n\\\\node_modules\\\\n8n-nodes-base\\\\nodes\\\\HttpRequest\\\\V3\\\\HttpRequestV3.node.ts:1194:12)\\n' +\n      '    at processTicksAndRejections (node:internal/process/task_queues:96:5)\\n' +\n      '    at Workflow.runNode (C:\\\\Users\\\\username\\\\AppData\\\\Roaming\\\\npm\\\\node_modules\\\\n8n\\\\node_modules\\\\n8n-workflow\\\\src\\\\Workflow.ts:1255:19)\\n' +\n      '    at C:\\\\Users\\\\username\\\\AppData\\\\Roaming\\\\npm\\\\node_modules\\\\n8n\\\\node_modules\\\\n8n-core\\\\src\\\\WorkflowExecute.ts:938:29'\n  },\n  workflowId: '1',\n  file: 'WorkflowExecute.js',\n  function: 'processSuccessExecution'\n}"
2022-11-08T14:30:39.062Z | debug    | Received child process message of type processHook for execution ID 42. "{ executionId: '42', file: 'WorkflowRunner.js' }"
2022-11-08T14:30:39.064Z | debug    | Executing hook (hookFunctionsSave) "{\n  executionId: '42',\n  workflowId: '1',\n  file: 'WorkflowExecuteAdditionalData.js',\n  function: 'workflowExecuteAfter'\n}"
2022-11-08T14:30:39.066Z | debug    | Received child process message of type end for execution ID 42. "{ executionId: '42', file: 'WorkflowRunner.js' }"
2022-11-08T14:30:39.070Z [Rudder] debug: no existing flush timer, creating new one
2022-11-08T14:30:39.079Z | debug    | Executing hook (hookFunctionsPush) "{\n  executionId: '42',\n  sessionId: '68nmvpzta3',\n  workflowId: '1',\n  file: 'WorkflowExecuteAdditionalData.js',\n  function: 'workflowExecuteAfter'\n}"
2022-11-08T14:30:39.082Z | debug    | Save execution progress to database for execution ID 42  "{\n  executionId: '42',\n  workflowId: '1',\n  file: 'WorkflowExecuteAdditionalData.js',\n  function: 'workflowExecuteAfter'\n}"
2022-11-08T14:30:39.084Z | debug    | Send data of type "executionFinished" to editor-UI "{\n  dataType: 'executionFinished',\n  sessionId: '68nmvpzta3',\n  file: 'Push.js',\n  function: 'send'\n}"
2022-11-08T14:30:59.074Z [Rudder] debug: in flush
2022-11-08T14:30:59.074Z [Rudder] debug: cancelling existing flushTimer...
2022-11-08T14:30:59.075Z [Rudder] debug: batch size is 2
2022-11-08T14:31:19.255Z [Rudder] debug: in flush
2022-11-08T14:31:19.255Z [Rudder] debug: cancelling existing timer...
2022-11-08T14:31:19.256Z [Rudder] debug: queue is empty, nothing to flush
2022-11-08T14:31:24.098Z | debug    | Wait tracker querying database for waiting executions "{ file: 'WaitTracker.js', function: 'getWaitingExecutions' }"

Hey @Martin_Forster,

Have you set the HTTP Request node to ignore certificate errors?

Hi Jon,
yes i have.
Meanwhile i could narrow it down to the oauth part. As soon as i have a token, even if i used the same credentials on a different server ?!?. the http request works.
When i use an unauthenticated endpoint, the http_request works.

So the auth part of the http_request doesnt honor this ignore certificate settings.

Hey @Martin_Forster,

So is the issue here just with the authentication type and not the HTTP Request node itself? I thought you were maybe trying to build out your own oauth flow using HTTP Request nodes.

Some questions that would be handy to have the answer to…

  1. What version of n8n are you running? You can see this in the UI of n8n
  2. Are you using the OAuth credential option of n8n or building out your own oauth flow?
  3. How are you running n8n? You mentioned npm but are you using something like pm2 as well or maybe a custom docker image that uses npm?
  4. When you set NODE_TLS_REJECT_UNAUTHORIZED how did you do it?

HI Jon

  1. n8n version = “n8n-core”: “0.125.0”
  2. Oauth credential option from n8n
  3. started with n8n executeable, in a vscode terminal on Windows.
  4. NODE_TLS_REJECT_UNAUTHORIZED set via environment variable. It is recognized, proofed by a warning about security in the debug log

We plan for 2 scenarios.

  • Plain oauth where n8n works with client credentials flow.
  • And a optional, expansion where we want to achieve a delegation of the user token, with a long lifetime. So that actions are logged in the backend with the right user, and permission checks are able to check against the correct user account.

Hey @Martin_Forster,

In the UI for n8n does it say the version is 0.125.0? It sounds to me like the env option is not being picked up by node properly as I don’t think we overwrite it but I can check.

Does the normal OAuth flow work or is it just the optional expansion failing? If it is the optional expansion failing how have you implemented that?

As you are using vscode as well I have to ask have you made any changes to n8n itself or are you just using it to run n8n start? I have seen issues in the past where it looks like an option is set but for some reason it isn’t being picked up, Maybe it is worth trying NODE_EXTRA_CA_CERTS and setting it to point to your self signed cert locally which would tell Node to trust it. It is probably safer than the other option as well.

The optional part would be our custom code. its just the built in oauth code.
the variable was picked up, at least we saw the related warning in the debug log.

Hey @Martin_Forster,

Did you try the ca certs setting as well? Can you also answer the other questions?

Hi Jon,
as mentioned before

  • ignore SSL errors
    had no effect on the TLS error during oauth.

I didnt try ca certs because this tls certs are random self signed certificates used in the dev notebook local environments. The CI/CD controlled integration system use Lets Encrypt, and that works fine.

The normal oauth flow breaks because it somehow does not honor the configrations to ingore tls errors.

As mentione before NODE_TLS_REJECT_UNAUTHORIZED is recognized, because it is mentioned in the logfile with a warning that it is unsecure to use it.

Hey @Martin_Forster,

You have still not confirmed the actual version of n8n either, The thing I wanted to check with the OAuth flow was that it was the standard unmodified oauth code that we ship. Looking at the code we don’t overwrite the global node option so it is a bit of a surprise that it isn’t working.

Are you building out an oauth2 flow manually? It could be handy to see the workflow you are using as well.

Hello my Friend,
i think it is better for my nerves if you never answer to anything from me again.
Because you are really killing my mood. Please if you want to help, read the questions and answers in the thread before. as long as you are not willing to do that, you are just stealing time, network traffic, cpu cycles, and so on…

Hi @Martin_Forster,

I have read it a few times and when asking for say the version I can see “n8n-core”: “0.125.0” a few times which is not the version from the UI which is what we tend to ask for. Core 0.125.0 could be from n8n version 0.185.0 so perhaps an update is needed.

The workflow would be great so we can see what you actually have set and it would be useful so we can attempt to reproduce the issue after setting up a local oauth2 service that uses a self signed certificate, You have mentioned custom options as well so with the workflow we will able to see if it is something being done in the workflow itself or something else.

These are questions where there are pieces of information but not everything, Currently from what I can see in our code base it doesn’t look like we overwrite the option and I am still not sure if Node even allows that but we also don’t have log output that shows the message you are seeing with the option being set.

I have just realised that we don’t have the version of node you are running either which could be useful if there is maybe an underlying issue with Node itself or one of the libraries we use to make the HTTP requests.

Hi Jon,

sorry but it realy bugged me.

  • Workflow as already mentioned it is a single http_request node. It is unmodified
  • Want to implement token Exchange, we have not done anything yet in terms of code.
  • we were able to achieve it with a series of http_request nodes.
  • n8n version in gui is 0.197.0
    I just discoved that the nodes_starter porject is referencing a old n8n-core, we will retest.