{"message":"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)"}

I am also interested in the answers to questions @hc20 is asking!
My companies application has been down having similar outages to those who are replying to @dan.woda

Hi folks, can you report what OpenSSL version you are using?

You can use this command in your terminal:

openssl version

openssl : The term ‘openssl’ is not recognized as the name of a cmdlet, function, script file, or operable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:1

  • openssl version
  •   + CategoryInfo          : ObjectNotFound: (openssl:String) [], CommandNotFoundException
      + FullyQualifiedErrorId : CommandNotFoundException

Windows 10: I removed the certificate but as soon as I launch the app and try to authenticate, the certificate appears again. I tried leaving it and disabling it but this did not give different results. I also tried moving it to “Untrusted” but this did not fix it either. I am using the logic from: Build and Secure an Electron App - OpenID, OAuth, Node.js, and Express which was working until December 7 and now it fails. On the screen it gives “Unauthorized” and on the console it says:

(node:7228) UnhandledPromiseRejectionWarning: Error: certificate has expired
    at TLSSocket.onConnectSecure (_tls_wrap.js:1501:34)
    at TLSSocket.emit (events.js:315:20)
    at TLSSocket._finishInit (_tls_wrap.js:936:8)
    at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:710:12)
(node:7228) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:7228) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.
1 Like

Hi @dan.woda - following up from {“message”:”[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)”} - I am using
OpenSSL 1.1.1n on my local machine 15 Mar 2022
This is for a macOS Mojave Version 10.14.6

Our web application is hosted on Heroku with Heroku-22 stack, according to @mattohren’s image should be using openssl 3.0.2

Additionally, for our SSL


On my local machine I am using

LibreSSL 2.8.3

On my Heroku dynos we use Openssl 1.1.1 (part of Heroku-20 stack)

If we want to use Openssl 3.0.2, i need to upgrade to the Heroku-22 stack

@mattohren, you were able to get it working by upgrading your SDK, right?

1 Like

Hi @dan.woda - do you have any additional updates on my issue?

@hc20,

Are you using up-to-date versions of python, flask, and the SDKs you are using with Auth0?

We found the latest version of axios has an issue that breaks the sample code in the blog. Once a character encoding is set for the response and if axios is pinned at 1.2.0, we got the sample code to work.

In our case this issue was resolved by using the latest version of electron. Unfortunately, we have some work to do before our code base can use the latest version. We were using web pack 4 and now web pack 5 is recommend which doesn’t include node so this will also add more work for us in getting the the latest version of things. Apparently older versions of electron use older root certificates and so they won’t work with the latest auth0 which changed their Certificate authority.

1 Like

@dan.woda, we are using the up to date versions of all of these I believe.
Authlib==1.2.0
certifi==2022.12.7
Flask==2.2.2
python-dotenv==0.19.2
python-http-client==3.3.1
requests==2.3.0
Werkzeug==2.2.2

I’ve resolved my issue! thanks for your help!

1 Like

Thanks for sharing your resolutions everyone!

Yep, upgrading the SDK worked for my local and production environments.

1 Like

Thanks for the reply!

I’m running into that same problem running an ASP.NET app from docker.

Is the solution to install openssl v3?

Hi @tpluscode,

That is a possibility. We have seen users have issues with certificates who were using an older version of openssl.

I’m going to close this topic as the issue is officially resolved and the replies are sending notifications to a lot of people.

If you are still seeing issues with certs please see this thread first, and if that doesn’t solve it you can open a new individual topic. Feel free to tag me.