balena login fails with Invalid token or certificate issue

My setup is as follows:

  • Ubuntu 18.04 Linux VM with Balena CLI installed using the standalone installer file and updated the PATH appropriately.

  • Working behind a proxy, so I have set the proxy settings (which work fine for curl, wget, etc, so I know they’re right). They are set using environment variables http_proxy and https_proxy

  • Based on some related answers from googling, I’ve also performed npm config as follows where $MY_PROXY is initialized to my corporate proxy, and have verified that the settings are right with npm config list.

npm config set proxy $MY_PROXY
npm config set https-proxy $MY_PROXY
  • I have a Balena Cloud account and can log in via the web browser and see my devices.

But balena login just doesn’t seem to work for me.

Web authorization method: With the web authorization approach, after I click the “Authorize” button in the browser, the browser just says “Something went wrong, You couldn’t login to the balena CLI for some reason”.
The terminal displays “Invalid token” followed by a lot of information (which I can post if it might help.)

Credentials method: I’ve tried both the menu-based approach where I entered the username and password at the prompt, as well as the `balena login --credentials --email xxx --password xxx" method. They both result in the following error:

UNABLE_TO_GET_ISSUER_CERT_LOCALLY: request to failed, reason: unable to get local issuer certificate
FetchError: request to failed, reason: unable to get local issuer certificate

I can provide the rest of the large amount of output that goes with the error if that would help.

Any thoughts on what I’m doing wrong?

Hi there. It appears that you are missing some CA certificates on your /etc/ssl/certs/ local folder, or somewhere on the way. That results in a failure to get local issuer certificate during the tls handshake/negotiation process.

I had all the certificates installed okay.

It seems that node needs to be told where the local certificate is via an environment variable, e.g.

export NODE_EXTRA_CA_CERTS=/etc/ssl/certs/mycertificate.pem

(Replace mycertificate.pem with your company-provided certificate.)

That fixed the problem when working behind a proxy. Both web-based and credentials-based login work now.


Thank you for the followup on this Ravi, this is very useful information for others who may be in a similar situation.