Yin YangPutzi San
A glowing, futuristic cyber padlock surrounded by abstract geometric shapes in vibrant blue and purple tones, with floating elements and an ethereal glow in a clean, high-tech environment.

How to Fix mkcert HTTPS Certificate Errors in Deno

If you encounter the following error when using mkcert for local HTTPS in Deno:

error: TypeError: error sending request for url (https://...): client error (Connect): invalid peer certificate: UnknownIssuer

Try setting the environment variable DENO_TLS_CA_STORE=system. For example:

DENO_TLS_CA_STORE=system deno test -A app-e2e.test.ts

Be aware that using system can significantly slow down startup (roughly 7.5x). For more details, see this Deno issue. Given the performance cost, it is not recommended to set DENO_TLS_CA_STORE=system as a default in your scripts.

Further Information: DENO_TLS_CA_STORE=system

The DENO_TLS_CA_STORE environment variable was introduced in Deno v1.13, as described here: https://deno.com/blog/v1.13#use-system-certificate-store-for-tls:

Up until this release, Deno has only supported trusting the bundled Mozilla root CA store, and individual additional certificates with the --cert flag.
(...)
Deno now has the ability to use the system root CA store by setting the environment variable DENO_TLS_CA_STORE=system.
On macOS certificates are loaded from the keychain, on Windows they are loaded from the system certificate store, and on Linux the system CA bundle is read from well known paths on disk. Specifying this argument will disable the builtin CA store.