GitHub Actions - AxiosError: self-signed certificate DEPTH_ZERO_SELF_SIGNED_CERT

Hi there!
I am new to ghost so excuse me in advance for the newbie question :slight_smile: I am trying, following the official documentation, to run the deploy ghost theme GH action using a self hosted runner on my webserver. Below the action in my workflow file:

name: Deploy Theme
      - master
      - main
    runs-on: self-hosted
      - uses: actions/checkout@v4
      - name: Deploy Ghost Theme
        uses: TryGhost/action-deploy-theme@v1.6.6
          api-url: ${{ secrets.GHOST_ADMIN_API_URL }}
          api-key: ${{ secrets.GHOST_ADMIN_API_KEY }}

Unfortunatey, the deploy action fails with this error:

AxiosError: self-signed certificate
    at AxiosError.from (/home/***/ghost-blog/actions-runner/_work/_actions/TryGhost/action-deploy-theme/v1.6.6/dist/index.js:39527:14)
    at RedirectableRequest.handleRequestError (/home/***/ghost-blog/actions-runner/_work/_actions/TryGhost/action-deploy-theme/v1.6.6/dist/index.js:41777:25)
    at RedirectableRequest.emit (node:events:514:28)
    at eventHandlers.<computed> (/home/***/ghost-blog/actions-runner/_work/_actions/TryGhost/action-deploy-theme/v1.6.6/dist/index.js:5543:24)
    at ClientRequest.emit (node:events:514:28)
    at TLSSocket.socketErrorListener (node:_http_client:495:9)
    at TLSSocket.emit (node:events:514:28)
    at emitErrorNT (node:internal/streams/destroy:151:8)
    at emitErrorCloseNT (node:internal/streams/destroy:116:3)
    at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
    at Axios.request (/home/***/ghost-blog/actions-runner/_work/_actions/TryGhost/action-deploy-theme/v1.6.6/dist/index.js:42567:41)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async main (/home/***/ghost-blog/actions-runner/_work/_actions/TryGhost/action-deploy-theme/v1.6.6/dist/index.js:43140:9) {
  cause: Error: self-signed certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1659:34)
      at TLSSocket.emit (node:events:514:28)
      at TLSSocket._finishInit (node:_tls_wrap:1070:8)
      at ssl.onhandshakedone (node:_tls_wrap:856:12) {

I have already installed the GitHub certificate in the ubuntu certificate store for my self-hosted runner. Also a copy of my letsenctypt certs for my domain are stored under /etc/ssl/certs.

Can someone kindly provide some suggestions?
Thanks in advance!

Is your website using a self-signed certificate?

thanks for the reply! the cert is issued by letsencrypt.
If I check it from the browser or with online tools like Qualys SSL Test, I see the correct issuer, but when I run openssl s_client -connect -servername < /dev/null | openssl x509 -noout -text directly from the server, I see:

depth=0 C = IT, ST = Milan, L = Milan, O = Fastweb, OU = NEXXT, CN =
verify error:num=18:self-signed certificate

I am going to ckeck the relevant conf on nginx.
Any suggestions are most than welcome :) Iā€™m using certbot to handle ssl on my server.
For the moment, I have implemented CICD using GitHub runners and of course it works great, but I would like to test a self hosted runner for this project.
thanks in advance

1 Like