With certificate expirations now causing 23% of CI/CD failures, NPM’s SSL errors have become every developer’s recurring nightmare. In 2025, even with all the npm improvements over the years, certificate issues continue to plague developers worldwide. The good news? Most certificate expiration problems have straightforward solutions once you understand what’s happening behind the scenes.
In this comprehensive guide, we’ll walk through everything you need to know about the npm ERR! code CERT_HAS_EXPIRED error, from quick fixes to understanding the underlying causes and implementing long-term solutions. Whether you’re a beginner or an experienced developer, you’ll find actionable advice to get your projects back on track.
Understanding NPM Certificate Expiration Errors
Before diving into solutions, let’s understand what’s actually happening when npm throws a certificate expiration error.
What Causes the CERT_HAS_EXPIRED Error?
The CERT_HAS_EXPIRED error occurs when npm attempts to connect to a secure server (like the npm registry at registry.npmjs.org) but encounters an SSL/TLS certificate that has passed its validity period. Every secure connection relies on certificates with specific validity dates, and when these dates expire, the security protocol breaks the connection to protect you from potentially compromised servers.
Common causes include:
- Your system’s date and time are incorrect
- The npm registry’s certificate has actually expired (rare but possible)
- Your corporate proxy or firewall is intercepting SSL connections
- Your CA (Certificate Authority) certificate store is outdated
- Network issues preventing proper certificate validation
Common Scenarios When This Error Occurs
This error typically appears in several common situations:
- After setting up a new development environment
- When working on a computer with an incorrectly set system clock
- When connecting from networks with strict security policies
- After long periods of system hibernation that might affect system time
- When using npm behind corporate proxies or VPNs
Here’s what the error typically looks like in your terminal:
npm ERR! code CERT_HAS_EXPIRED
npm ERR! errno CERT_HAS_EXPIRED
npm ERR! request to https://registry.npmjs.org/some-package failed, reason: certificate has expired
Quick Solutions to Fix NPM Certificate Errors
Let’s start with the fastest ways to resolve certificate expiration issues so you can get back to coding quickly.
Temporary Certificate Bypass Methods
While not recommended for long-term use due to security implications, you can temporarily bypass certificate checks when you’re in development environments:
npm config set strict-ssl false
Or for a single command:
npm --strict-ssl=false install package-name
Another option is to tell npm to use HTTP instead of HTTPS (again, only for development):
npm config set registry http://registry.npmjs.org/
Remember to revert these changes once you’ve resolved the underlying issue:
npm config set strict-ssl true
npm config set registry https://registry.npmjs.org/
Setting Proper Date and Time on Your System
The most common cause of certificate errors is an incorrect system date and time. Here’s how to fix it on different operating systems:
Windows Time Configuration Steps
- Right-click on the time in your taskbar
- Select “Adjust date/time”
- Ensure “Set time automatically” is turned on
- Click “Sync now” to force an immediate synchronization
- Restart your command prompt or terminal and try npm again
If automatic time sync doesn’t work:
- Open Command Prompt as Administrator
- Run:
net stop w32time
- Then:
net start w32time
- Force sync:
w32tm /resync /force
macOS Time Configuration Steps
- Go to System Settings > General > Date & Time
- Check “Set date and time automatically”
- Select the appropriate time server from the dropdown
- Restart your terminal and retry npm commands
For terminal lovers:
sudo systemsetup -setusingnetworktime on
sudo systemsetup -setnetworktimeserver time.apple.com
sudo ntpdate -u time.apple.com
Linux Time Configuration Steps
For most modern Linux distributions:
sudo timedatectl set-ntp true
sudo timedatectl set-timezone YOUR_TIMEZONE
sudo systemctl restart systemd-timesyncd
For older systems using NTP directly:
sudo apt-get install ntp # or equivalent for your package manager
sudo service ntp restart
sudo ntpq -p # Verify NTP synchronization
Advanced Troubleshooting for NPM Certificate Issues
If fixing your system time didn’t resolve the issue, let’s dig deeper.
Updating NPM and Node.js
Outdated npm versions might have bugs related to certificate handling. As of May 2025, the latest stable versions are:
- Node.js: v22.6.0
- npm: v10.8.1
Update npm using:
npm install -g npm@latest
To update Node.js, it’s recommended to use a version manager like nvm:
nvm install --lts
nvm use --lts
Or download the latest version from the official Node.js website.
Certificate Authority Problems and Solutions
Sometimes the issue lies with your system’s CA certificates, particularly on older systems or custom configurations.
Updating CA Certificates on Your System
For Windows:
- Windows updates its certificates automatically through Windows Update
- Ensure you’ve installed recent updates
For macOS:
- macOS updates certificates through system updates
- Run softwareupdate -i -a to check for and install available updates
For Linux:
- Debian/Ubuntu:
sudo apt-get update && sudo apt-get install ca-certificates
- RedHat/CentOS:
sudo yum update ca-certificates
- After updating:
sudo update-ca-certificates
If you need to use a specific CA bundle with npm:
npm config set cafile /path/to/your/ca-bundle.pem
Working with Corporate Proxies and Firewalls
Corporate environments often use SSL inspection, which can cause certificate issues with npm.
Configuring NPM to Work with SSL Inspection
First, configure npm to use your corporate proxy:
npm config set proxy http://proxy.company.com:8080
npm config set https-proxy http://proxy.company.com:8080
If your proxy requires authentication:
npm config set proxy http://username:password@proxy.company.com:8080
npm config set https-proxy http://username:password@proxy.company.com:8080
Setting Up Custom Certificate Authorities
If your company uses internal Certificate Authorities, you’ll need to configure npm to trust them:
- Obtain your company’s CA certificate (usually from your IT department)
- Configure npm to use this certificate:
npm config set cafile /path/to/company-ca.pem
Alternatively, you can add the certificate to your system’s trust store.
For particularly troublesome setups, create a .npmrc file in your project root with these settings:
registry=https://registry.npmjs.org/
strict-ssl=true
cafile=/path/to/company-ca.pem
Security Implications of Certificate Error Handling
Let’s talk about security considerations when dealing with certificate errors.
When to Bypass vs. When to Fix Root Causes
Approach | When to Use | Security Implications | Recommended For |
---|---|---|---|
Disabling SSL checks | Temporary development only | High risk – vulnerable to MITM attacks | Short-term testing only |
Using HTTP instead of HTTPS | Never in production | Extremely high risk – no encryption | Emergency fixes only |
Updating system time | Always try first | No negative impact | All environments |
Updating CA certificates | When time is correct but errors persist | Improves security | All environments |
Adding custom CA | Corporate environments | Safe when configured correctly | Enterprise development |
Best Practices for Certificate Management in Development
- Never disable SSL verification in production environments
- Keep your system time synchronized automatically
- Use official npm registries where possible
- Regularly update your development tools
- Document any certificate configurations in your project for other developers
- Use containerized environments with proper certificate handling
- Consider using npm’s scope feature for internal packages with custom registries:
npm config set @mycompany:registry https://internal-registry.mycompany.com/
npm config set @mycompany:cafile /path/to/company-ca.pem
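An added example (not from the original article): a small Node.js check that flags the temporary bypass settings shown earlier if they are still present in a .npmrc, along with a proxy password stored in clear text. The function names and the sample file contents are constructed for illustration.

```javascript
// Parse .npmrc text (ini-style key=value; lines starting with # or ; are comments).
function parseNpmrc(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || line.startsWith(';') || eq === -1) return;
    entries.push({ line: i + 1, key: line.slice(0, eq).trim(), value: line.slice(eq + 1).trim() });
  });
  return entries;
}

// Flag the settings that weaken npm's TLS protection or leak a secret.
function auditNpmrc(text) {
  const findings = [];
  for (const { line, key, value } of parseNpmrc(text)) {
    const v = value.replace(/^["']|["']$/g, '');
    if (key === 'strict-ssl' && v.toLowerCase() === 'false') {
      findings.push({ line, key, issue: 'TLS certificate verification is disabled' });
    }
    if ((key === 'registry' || key.endsWith(':registry')) && /^http:\/\//i.test(v)) {
      findings.push({ line, key, issue: 'registry is fetched over plain HTTP' });
    }
    if ((key === 'proxy' || key === 'https-proxy') && /^[a-z]+:\/\/[^/@\s]+:[^/@\s]+@/i.test(v)) {
      findings.push({ line, key, issue: 'proxy password is stored in clear text' });
    }
  }
  return findings;
}

// Constructed sample file, not taken from a real project.
const SAMPLE_NPMRC = [
  '; left over from a debugging session',
  'strict-ssl=false',
  'registry=http://registry.npmjs.org/',
  '@mycompany:registry=https://internal-registry.mycompany.com/',
  'https-proxy=http://username:password@proxy.company.com:8080',
  'cafile=/path/to/company-ca.pem',
].join('\n');

for (const f of auditNpmrc(SAMPLE_NPMRC)) {
  console.log(`line ${f.line}: ${f.key}: ${f.issue}`);
}
```

Running the same function over the project and user-level .npmrc files in CI catches a bypass that was never reverted.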
The table below summarizes common certificate error scenarios and their solutions:
Error Scenario | Primary Cause | Quick Solution | Permanent Fix |
---|---|---|---|
Expired certificate message | System clock wrong | Correct system time | Set automatic time sync |
Certificate not trusted | Missing CA certificate | Add CA certificate | Update system CA store |
Corporate network errors | SSL inspection | Use company CA | Configure npm proxy settings |
Intermittent failures | Network issues | Retry with --registry flag | Check network stability |
Registry certificate actually expired | Registry issue | Try alternative registry | Wait for registry fix |
Conclusion
The npm ERR! code CERT_HAS_EXPIRED error can be frustrating, but it’s almost always solvable with the right approach. In 2025, most certificate issues stem from system time problems, proxy configurations, or CA certificate issues. By systematically working through the solutions in this guide, you should be able to resolve the issue and get back to productive development.
Remember that while temporary bypasses like disabling SSL verification might be tempting, they expose you to security risks. Whenever possible, aim to fix the root cause of certificate problems rather than working around them.
If you’re still experiencing issues after trying all these solutions, consider reaching out to your network administrator or checking npm’s status page at status.npmjs.org to see if there are any ongoing service disruptions.
FAQs
Can I safely ignore certificate errors in development environments?
While you technically can bypass certificate checks during development, it’s not recommended as a regular practice. Doing so can expose your system to man-in-the-middle attacks and create inconsistencies between development and production environments. It’s better to properly fix the underlying issue.
Why does NPM show certificate errors even though my system time is correct?
If your system time is correct but you’re still experiencing certificate errors, the issue might be with your CA certificate store, a corporate proxy performing SSL inspection, or network issues. Try updating your CA certificates or configuring npm to work with your specific network setup.
How often do npm registry certificates actually expire?
The official npm registry certificates are managed professionally and renewed well before expiration. It’s extremely rare for the actual registry certificates to expire. When you see a CERT_HAS_EXPIRED error, it’s almost always due to client-side issues like incorrect system time or networking problems rather than the registry itself.
Will switching to Yarn or pnpm avoid these certificate issues?
No, alternative package managers like Yarn and pnpm use the same underlying HTTPS mechanisms and would face similar certificate validation issues. The solutions described in this article apply equally to npm, Yarn, and pnpm.
How can I diagnose which specific certificate in the chain has expired?
To identify specifically which certificate is causing the problem, you can use OpenSSL to examine the certificate chain:
openssl s_client -connect registry.npmjs.org:443 -servername registry.npmjs.org
This command will show the entire certificate chain with validity dates, helping you pinpoint exactly where the expiration problem lies.
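An added example, not part of the original article: the same date check done in Node.js over the chain object that tlsSocket.getPeerCertificate(true) returns, reporting which certificate fails and whether the clock is the likelier culprit. The chain below is constructed sample data and the function names are illustrative.

```javascript
// Input shape: what Node's tlsSocket.getPeerCertificate(true) returns. Each
// certificate links to its issuer via issuerCertificate; the root links to itself.
function chainValidity(leaf, now) {
  const report = [];
  const seen = new Set();
  for (let cert = leaf; cert && !seen.has(cert); cert = cert.issuerCertificate) {
    seen.add(cert);
    let status = 'valid';
    if (now < new Date(cert.valid_from)) status = 'not-yet-valid';
    else if (now > new Date(cert.valid_to)) status = 'expired';
    report.push({ depth: report.length, cn: cert.subject.CN, validTo: cert.valid_to, status });
  }
  return report;
}

// "Not yet valid" usually means the clock used for the check is behind. An expired
// entry names the certificate to renew, provided `now` comes from a trusted clock.
function diagnose(report) {
  if (report.some((c) => c.status === 'not-yet-valid')) return 'check-system-clock';
  const expired = report.find((c) => c.status === 'expired');
  return expired ? `expired-at-depth-${expired.depth}` : 'chain-dates-ok';
}

// Constructed chain (names and dates are sample data): an SSL-inspection
// intermediate that expired while the leaf and root are still in date.
const root = { subject: { CN: 'Example Corp Root CA' },
  valid_from: 'Jan 10 00:00:00 2015 GMT', valid_to: 'Jan 10 00:00:00 2035 GMT' };
root.issuerCertificate = root;
const intermediate = { subject: { CN: 'Example Corp Inspection CA' },
  valid_from: 'Mar 12 00:00:00 2022 GMT', valid_to: 'Mar 12 00:00:00 2025 GMT',
  issuerCertificate: root };
const SAMPLE_LEAF = { subject: { CN: 'registry.npmjs.org' },
  valid_from: 'Feb 15 00:00:00 2025 GMT', valid_to: 'Feb 15 00:00:00 2026 GMT',
  issuerCertificate: intermediate };

const checkedAt = new Date('2025-05-01T00:00:00Z'); // fixed so the output is repeatable
for (const c of chainValidity(SAMPLE_LEAF, checkedAt)) {
  console.log(`${c.depth} ${c.cn}: ${c.status} (notAfter ${c.validTo})`);
}
console.log(diagnose(chainValidity(SAMPLE_LEAF, checkedAt)));
```

Evaluating the same chain against the local clock and against a trusted reference time separates a wrong system clock from a certificate that has really expired.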