“unable to get local issuer certificate” error when running Probot app with GHE 2.14

Hi to all,
I am trying to create a GitHub App using the Probot infrastructure for SAP enterprise, following the guide:  https://probot.github.io/docs/.
I also saw the same error message in this post: https://platform.github.community/t/unable-to-get-local-issuer-certificate-error-when-running-probot-app-with-ghe-2-12/5769

I have done the following steps:

  1. Created a remote GitHub App: https://github.wdf.sap.corp/settings/apps/elad-wip-2

  2. Installed that app: https://github.wdf.sap.corp/i350641/SAPNewEmployeeTraining

  3. Created a local GitHub App project using the template: https://github.com/probot/create-probot-app

  4. Added to the  .** env** file:

    APP_ID=20
    WEBHOOK_SECRET=elad
    APP_NAME=eladTest
    PRIVATE_KEY_PATH=private-key.prem
    GHE_HOST=github.wdf.sap.corp
    WEBHOOK_PROXY_URL=https://smee.io/dTgUMgXhGMWegfN
    LOG_LEVEL=debug

According to my  elad-wip-2 remote GitHub App.
5. ran  npm start  in CLI
6. Created a new PR and changed it’s Title

I got:

09:57:31.649Z INFO probot: Forwarding https://smee.io/GSF5zkaL6WTixjC to http://localhost:3000/
09:57:31.652Z INFO probot: Listening on http://localhost:3000
09:57:32.240Z DEBUG github: GitHub request: GET /app/installations - 500 Internal Server Error (installation=undefined)
 params: {
   "per_page": 100,
   "baseUrl": "https://github.wdf.sap.corp/api/v3",
   "request": {
     "timeout": 0
   }
 }
09:57:32.241Z ERROR probot: request to https://github.wdf.sap.corp/api/v3/app/installations?per_page=100 failed, reason: unable to get local issuer certificate
 HttpError: request to https://github.wdf.sap.corp/api/v3/app/installations?per_page=100 failed, reason: unable to get local issuer certificate
     at fetch.then.then.catch.error (C:\Git\my-first-app\node_modules\@octokit\rest\lib\request\request.js:105:13)
     at <anonymous>
     at process._tickDomainCallback (internal/process/next_tick.js:228:7)
09:57:32.433Z INFO probot: Connected https://smee.io/GSF5zkaL6WTixjC
09:58:56.298Z TRACE http: POST / (id=591ecb24-cf57-4617-a4be-c844fb841fcd, req.remoteAddress=::ffff:127.0.0.1, req.remotePort=51236)
 POST / HTTP/1.1
 host: smee.io
 accept-encoding: gzip, deflate
 user-agent: GitHub-Hookshot/cc39a0c
 content-type: application/json
 connection: close
 accept: */*
 x-github-enterprise-version: 2.14.6
 x-github-enterprise-host: github.wdf.sap.corp
 x-github-event: pull_request
 x-github-delivery: 603c27d0-f874-11e8-9a9e-8863e7db3288
 x-hub-signature: sha1=de8f54a884aeacbd341ebd212f79b5e5c2259a0f
 x-request-id: 591ecb24-cf57-4617-a4be-c844fb841fcd
 x-forwarded-for: 155.56.44.140
 x-forwarded-proto: https
 x-forwarded-port: 443
 via: 1.1 vegur
 connect-time: 0
 x-request-start: 1544003936046
 total-route-time: 0
 content-length: 24528
 timestamp: 1544003936060
09:58:56.300Z DEBUG probot: Webhook received
 event: {
   "event": "pull_request.edited",
   "id": "603c27d0-f874-11e8-9a9e-8863e7db3288",
   "installation": 12,
   "repository": "i350641/SAPNewEmployeeTraining"
 }
09:58:56.310Z TRACE event: creating token for installation (id=603c27d0-f874-11e8-9a9e-8863e7db3288)
09:58:56.311Z TRACE event: ######## after github.authenticate (id=603c27d0-f874-11e8-9a9e-8863e7db3288)
09:58:56.829Z DEBUG github: GitHub request: POST /app/installations/:installation_id/access_tokens - 500 Internal Server Error (id=603c27d0-f874-11e8-9a9e-8863e7db3288, installation=12)
 params: {
   "installation_id": 12,
   "baseUrl": "https://github.wdf.sap.corp/api/v3",
   "request": {
     "timeout": 0
   }
 }
09:58:56.830Z ERROR event: request to https://github.wdf.sap.corp/api/v3/app/installations/12/access_tokens failed, reason: unable to get local issuer certificate (id=603c27d0-f874-11e8-9a9e-8863e7db3288)
 HttpError: request to https://github.wdf.sap.corp/api/v3/app/installations/12/access_tokens failed, reason: unable to get local issuer certificate
     at fetch.then.then.catch.error (C:\Git\my-first-app\node_modules\@octokit\rest\lib\request\request.js:105:13)
     at <anonymous>
     at process._tickDomainCallback (internal/process/next_tick.js:228:7)
 --
 event: {
   "event": "pull_request.edited",
   "id": "603c27d0-f874-11e8-9a9e-8863e7db3288",
   "installation": 12,
   "repository": "i350641/SAPNewEmployeeTraining"
 }
09:58:56.833Z INFO http: POST / 200 - 534.96 ms (id=591ecb24-cf57-4617-a4be-c844fb841fcd)
09:58:56.833Z TRACE http: (id=591ecb24-cf57-4617-a4be-c844fb841fcd, res.duration=534.96)
 HTTP/1.1 200 OK
 x-powered-by: Express
 x-request-id: 591ecb24-cf57-4617-a4be-c844fb841fcd
09:58:56.837Z INFO probot: POST http://localhost:3000/ - 200

we have tried this from several local computers and remote servers.

I understand the following:

  1. The connection between the remote GitHub App and the local GitHub App  works  in the direction of listening to events happening on the remote.
  2. The connection between the remote GitHub App and the local GitHub App  doesn’t work  in the direction of posting events to the remote.
  3. There seems to be an authentication problem regarding local issuer certificate.
1 Like

Hi

Were you able to find any solution?

1 Like

Hi,

Am also facing the same Issue. was the issue resolved?

Thanks

Pavan

1 Like

Hello,

in case someone still face the same issue, you have to let node know about the certificate of your GHE instance.
Unfortunately, node does not use the OS certificates but bundles its own. To add a certificate, you an set an environment variable:

export NODE_EXTRA_CA_CERTS=/path/to/your_root_certificate.crt

For SAP GitHub specific information, you may contact me directly as I work at SAP and just hit this issue :slight_smile:

Regards