Ziga Zajc
Ziga Zajc2mo ago

fetch does not work

I'm trying to fetch json data from API. The certificate is valid.
No description
No description
17 Replies
Ziga Zajc
Ziga ZajcOP2mo ago
No description
Ziga Zajc
Ziga ZajcOP2mo ago
fetch to the same URL works in browser So it seems to be Deno specific issue
philhawksworth
philhawksworth2mo ago
How does it fail? Does it give an error message? Keep in mind that due to the security model, you have to allow Deno to make network requests by running it with --allow-net or -A https://docs.deno.com/runtime/tutorials/fetch_data/#fetching-data
Deno
Fetch and stream data
In-depth documentation, guides, and reference materials for building secure, high-performance JavaScript and TypeScript applications with Deno
lucsoft
lucsoft2mo ago
nope your cert is invalid
lucsoft
lucsoft2mo ago
@Ziga Zajc did you check your site on https://www.sslshopper.com/ssl-checker.html ? or other tools
SSL Checker
Use our fast SSL Checker will help you troubleshoot common SSL Certificate installation problems on your server including verifying that the correct certificate is installed, valid, and properly trusted.
lucsoft
lucsoft2mo ago
by default deno uses the Mozilla CA Store, if you have custom root certficates then use the System CA Store defined via DENO_TLS_CA_STORE
Ziga Zajc
Ziga ZajcOP2mo ago
No description
Ziga Zajc
Ziga ZajcOP2mo ago
the company paid few hundreds dollars for this certificate how is not valid? --allow-net is used based on this the issuer is: Gandi RSA Domain Validation Secure Server CA 3 so I should find the root certificate from them? and somehow provide it in fetch? everytime I call fetch function
lucsoft
lucsoft2mo ago
just get a Lets Encrypt cert (which the company already does btw) :D nope your problem is in your Nginx config nginx needs the full chain cert not only the single cert and pretty sure you just give them only your own cert
Ziga Zajc
Ziga ZajcOP2mo ago
it still bugles me how it works in chrome, fetch from browsers, node js... and no Deno even the client didn't have any problems with using the API aren't those certs pre-installed in your OS? and bun, deno, node should just use them from there ?
lucsoft
lucsoft2mo ago
because not everyone does TLS correct you can set Registry Entries for Chrome so it behavies the same your problem is the missconfigured nginx server android would also fail you can also just test this via openssl s_client -connect google.com:443
philhawksworth
philhawksworth2mo ago
this thread is really helpful! Thanks for this detail, @!
Ziga Zajc
Ziga ZajcOP2mo ago
thank you so much, will try to conveince the boss to switch to Lets encrypt don't know why he is still paying for SSL certificates
philhawksworth
philhawksworth2mo ago
Lets Encrypt are great — when I worked at Netlify they were brilliant at making automatic TLS freely available to all. Love them!
Ziga Zajc
Ziga ZajcOP2mo ago
I usually just deploy Nginx Proxy Manager to allow me managing certificates and redirections thru UI. deploying it and setting everything up also only takes a minute or 2 with docker compose
lucsoft
lucsoft2mo ago
i would recommend caddy for small medium stuff nginx proxy manager failed for me to often and the gui is really just a nice to have nothing more old habits die hard yeah even for end users its nice like there email service
Ziga Zajc
Ziga ZajcOP2mo ago
For me Nginx Proxy Manager never failed. Even at updates. I really like that Caddy can internally manage with certs / renew them... Issue has been resolved, I forgot to include intermediate certificate / chain certificate it is strange that most browsers still trusted it