Sanity Client "unable to get local issuer certificate" error fix

The "unable to get local issuer certificate" error you're experiencing is a TLS/SSL certificate validation issue in Node.js, often caused by corporate proxies, self-signed certificates, or certificate chain problems. You're absolutely right that setting NODE_TLS_REJECT_UNAUTHORIZED=0 is insecure and should be avoided.

Here are better solutions to try:

1. Update Node.js and Dependencies

First, ensure you're running a recent version of Node.js (20+) and update your Sanity dependencies:

npm update @sanity/client next-sanity

Outdated versions may have certificate bundle issues that have been fixed in newer releases.

2. Use NODE_EXTRA_CA_CERTS (Recommended for Corporate Proxies)

This is the safest and most recommended solution that maintains security while trusting additional certificates:

NODE_EXTRA_CA_CERTS=/path/to/ca-bundle.crt npm run dev

Or add to your .env.local:

NODE_EXTRA_CA_CERTS=/path/to/ca-bundle.crt

This tells Node.js to trust your corporate proxy's certificate without disabling all SSL verification. This is a built-in Node.js feature specifically designed for this scenario.

3. Check Your Network Environment

If you're on a corporate network:

• Ask your IT department for the corporate proxy CA certificate file (usually a .pem or .crt file)
• Verify your proxy settings are properly configured
• Some corporate proxies intercept SSL traffic (called "SSL inspection"), which requires their certificate to be trusted
• Your IT team may have specific instructions for Node.js applications

4. Update System Certificate Store

On some systems, updating the system's certificate store can resolve the issue:

macOS:

brew install ca-certificates

Ubuntu/Debian:

sudo apt-get update
sudo apt-get install ca-certificates

5. Development-Only Conditional Workaround

As a last resort for local development only (never in production):

// At the top of your file - development only!
if (process.env.NODE_ENV === 'development' && process.env.ALLOW_UNSAFE_SSL === 'true') {
  process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
  console.warn('⚠️  SSL verification disabled - development only!')
}

Then in .env.local:

ALLOW_UNSAFE_SSL=true

Important: This should only be used temporarily while you work on implementing a proper solution.

Side Note on Your Code

I noticed you're using previewData() from Next.js. If you're on Next.js 13+ with App Router, this API has been deprecated and replaced with Draft Mode. The next-sanity toolkit provides helpful utilities that work great with modern Next.js patterns.

Most Likely Solution

Based on the error message, you're probably behind a corporate proxy or firewall that's intercepting HTTPS traffic. Solution #2 (NODE_EXTRA_CA_CERTS) is your best bet - it's secure, officially supported by Node.js, and specifically designed for this scenario.

Contact your IT department to:

1. Get the correct CA certificate file path for your corporate proxy
2. Confirm whether SSL inspection is enabled on your network
3. Ask if they have standard Node.js configuration for developers

This will solve your issue while keeping your connections secure. Note that the Sanity client itself uses Node.js's underlying HTTPS implementation, so Node.js-level certificate configuration (like NODE_EXTRA_CA_CERTS) is the correct approach rather than trying to configure the Sanity client directly.