cdk deploy and cdk destory suddenly cause "Deployment failed: Error: testStack: unable to verify the first certificate"
Hi, I have been using aws cdk for a while, and today, when I am about to run the cdk deploy command, it first says " current credentials could not be used to assume 'arn:aws:iam::xxxxxxxxxxxx:role/cdk-hnb659fds-deploy-role-xxxxxxxxxxxx-ap-east-1', but are for the right account. Proceeding anyway." Then, Deployment failed: Error: : testStack: unable to verify the first certificate.
I am not sure why it happens, I just do everythinh as I usually do. Could anyone help me out?
I have attached some related pictures in below,
- Newest
- Most votes
- Most comments
Do you use ESET Antivirus by any chance? they apparently broke everyone's local node.js on April 17th, 2024
short answer is disable SSL/TLS protection in ESET until they push a fix.
- Open ESET
- Click Setup
- click Internet protection
- click the gear icon by Web Access protection
- click SSL/TLS
- turn off "Enable SSL/TLS"
Then wait until ESET pushes a fix fir this before turning it back on.
Hello.
Has "cdk bootstrap" been executed for the target account?
https://stackoverflow.com/questions/57118082/what-iam-permissions-are-needed-to-use-cdk-deploy/61102280#61102280
You may also be able to see more detailed information by adding "--verbose" to the "cdk deploy" option below.
cdk deploy --verbose
Hi Riku, thanks for your reply.
I think I run cdk bootstrap for my accont
i just try run cdk bootstrap one more time, then I get the following
Bootstrapping environment aws://xxxxxxxxxxxxxxxxxx/ap-east-1... ❌ Environment aws://xxxxxxxxxxxxxxxxxx/ap-east-1 failed bootstrapping: Error: unable to verify the first certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34) at TLSSocket.emit (node:events:514:28) at TLSSocket.emit (node:domain:489:12) at TLSSocket._finishInit (node:_tls_wrap:1070:8) at ssl.onhandshakedone (node:_tls_wrap:856:12) { code: 'NetworkingError', region: 'ap-east-1', hostname: 'sts.ap-east-1.amazonaws.com', retryable: true, time: 2024-04-19T06:31:12.151Z }
unable to verify the first certificate
if I run cdk deplpoy --verbose
I got
❌ Deployment failed: Error: ApiStack: unable to verify the first certificate at Deployments.validateBootstrapStackVersion (\AppData\Roaming\npm\node_modules\aws-cdk\lib\index.js:436:12159) at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async Deployments.buildSingleAsset (\AppData\Roaming\npm\node_modules\aws-cdk\lib\index.js:436:10924)
at async Object.buildAsset (\AppData\Roaming\npm\node_modules\aws-cdk\lib\index.js:436:197968) at async \AppData\Roaming\npm\node_modules\aws-cdk\lib\index.js:436:181226ApiStack: unable to verify the first certificate
Not sure why it keep saying unable to verify the first certificate
There may be a problem with the certificate of the OS you are using, but according to the GitHub issue below, you may be able to temporarily avoid this by setting the Nodejs environment variables. https://github.com/aws/aws-cdk/issues/14216#issuecomment-822249343
export NODE_TLS_REJECT_UNAUTHORIZED=0Also, try other PCs to see if the same error occurs.
Relevant content
- asked a month ago
- asked 2 years ago
AWS OFFICIALUpdated 8 months ago- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 10 months ago
Thanks I am exactly using ESET Antivirus and met this problem.