Sanity Client "unable to get local issuer certificate" error fix
The "unable to get local issuer certificate" error you're experiencing is a TLS/SSL certificate validation issue in Node.js, often caused by corporate proxies, self-signed certificates, or certificate chain problems. You're absolutely right that setting NODE_TLS_REJECT_UNAUTHORIZED=0 is insecure and should be avoided.
Here are better solutions to try:
1. Update Node.js and Dependencies
First, ensure you're running a recent version of Node.js (20+) and update your Sanity dependencies:
npm update @sanity/client next-sanityOutdated versions may have certificate bundle issues that have been fixed in newer releases.
2. Use NODE_EXTRA_CA_CERTS (Recommended for Corporate Proxies)
This is the safest and most recommended solution that maintains security while trusting additional certificates:
NODE_EXTRA_CA_CERTS=/path/to/ca-bundle.crt npm run devOr add to your .env.local:
NODE_EXTRA_CA_CERTS=/path/to/ca-bundle.crt
This tells Node.js to trust your corporate proxy's certificate without disabling all SSL verification. This is a built-in Node.js feature specifically designed for this scenario.
3. Check Your Network Environment
If you're on a corporate network:
- Ask your IT department for the corporate proxy CA certificate file (usually a
.pemor.crtfile) - Verify your proxy settings are properly configured
- Some corporate proxies intercept SSL traffic (called "SSL inspection"), which requires their certificate to be trusted
- Your IT team may have specific instructions for Node.js applications
4. Update System Certificate Store
On some systems, updating the system's certificate store can resolve the issue:
macOS:
brew install ca-certificatesUbuntu/Debian:
sudo apt-get update
sudo apt-get install ca-certificates5. Development-Only Conditional Workaround
As a last resort for local development only (never in production):
// At the top of your file - development only!
if (process.env.NODE_ENV === 'development' && process.env.ALLOW_UNSAFE_SSL === 'true') {
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0'
console.warn('⚠️ SSL verification disabled - development only!')
}Then in .env.local:
ALLOW_UNSAFE_SSL=true
Important: This should only be used temporarily while you work on implementing a proper solution.
Side Note on Your Code
I noticed you're using previewData() from Next.js. If you're on Next.js 13+ with App Router, this API has been deprecated and replaced with Draft Mode. The next-sanity toolkit provides helpful utilities that work great with modern Next.js patterns.
Most Likely Solution
Based on the error message, you're probably behind a corporate proxy or firewall that's intercepting HTTPS traffic. Solution #2 (NODE_EXTRA_CA_CERTS) is your best bet - it's secure, officially supported by Node.js, and specifically designed for this scenario.
Contact your IT department to:
- Get the correct CA certificate file path for your corporate proxy
- Confirm whether SSL inspection is enabled on your network
- Ask if they have standard Node.js configuration for developers
This will solve your issue while keeping your connections secure. Note that the Sanity client itself uses Node.js's underlying HTTPS implementation, so Node.js-level certificate configuration (like NODE_EXTRA_CA_CERTS) is the correct approach rather than trying to configure the Sanity client directly.
Show original thread6 replies
Sanity – Build the way you think, not the way your CMS thinks
Sanity is the developer-first content operating system that gives you complete control. Schema-as-code, GROQ queries, and real-time APIs mean no more workarounds or waiting for deployments. Free to start, scale as you grow.