Node.js Binary Distributions SSL Certificate Status
IMPORTANT: We know that security is the highest priority for any production application. This article is for Node.js users and the developer community.
NodeSource Node.js Binary Distributions
NodeSource from the beginning was created with a great commitment for the developers’ community, that is why it has provided documentation for using the NodeSource Node.js Binary Distributions via .rpm, .deb as well as their setup and support scripts.
If you are looking for NodeSource’s Enterprise-grade Node.js platform, N|Solid, please visit https://downloads.nodesource.com/, and for detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.
We are also aware that as a start-up you want ‘Enterprise-grade’ at a startup price, this is why we extend our product to small and medium-sized companies, startups, and non-profit organizations with N|Solid SaaS.
NodeSource Node.js Binary Distributions
Sept 30th, 2021
A cross-signed certificate chain by the DST Root CA X3 certificate that expired on Sept 30th, 2021 has caused several distributions to have issues interacting with the scripts that configure the repositories that allow the installation of Node.js binaries distributed by NodeSource.
Although the community has been active in suggesting plenty of solutions to the issue that is being tracked in the Distributions repository, we know that the best way to solve it is to modify the Certificate in our CDN. We investigated options with our CDN provider. Akamai Technologies , and unfortunately despite the changes they have suggested, the issue has persisted. We already have an open case with Akamai to see if they can help us, the solution is now in their hands.
As you may have already noticed, we migrated to the Trust chain "R3 (signed by ISRG Root X1), however, this is still propagating and may require actions on the server-side.
Our Position | Solutions
From our side, it is always possible to also modify the installation scripts to handle the update of the certificates, but the behavior is very variable between distributions and it would be a cumbersome solution since it can generate more errors than it solves.
We apologize for the inconvenience, this change occurred without prior notification that would have served to avoid interruptions. NodeSource is working on a permanent fix with Akamai Technologies and updates will be posted on the Distributions channel as soon as we conclude.
You want to give a hand?
Please remember that we are open to working with and for the community, and solve it as soon as possible. So if you have ideas, solutions, or want to help us continue supporting open source, you can contribute in this Github Repo