#Custom domains — cert chain anchors at a root that Node 24 doesn't trust

remote briarBOT
Hi @sand cargo. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

Your issue involves a TLS certificate chain validation failure (UNABLE_TO_GET_ISSUER_CERT_LOCALLY) when calling a Convex custom domain (cloud.adleap.io) from a Node.js 24 runtime on Vercel. This is a real and known problem area, but I need to be transparent about what the knowledge sources do and don't cover.

What the knowledge sources confirm

  1. TypeError: fetch failed with Node.js version issues is a recurring theme in Convex + Next.js setups. Multiple community members have encountered fetch failures tied to specific Node.js versions (particularly on Linux), with ETIMEDOUT or similar causes. [fetch failed thread; fetch failed SSR]

  2. Convex custom domains are served via Cloudflare and require a Pro plan. The CONVEX_CLOUD_URL environment variable controls which domain is used for API calls. [Custom Domains]

  3. Node.js runtime version selection for Convex functions is being worked on (moving from v18 toward v22/v24), but the details of how this interacts with TLS trust stores are not covered in the knowledge sources. [Node runtime thread]

What the knowledge sources do NOT cover

The specific issue you're describing — Node 24's trust store rejecting the AAA Certificate Services (Comodo 2004) root anchoring your Cloudflare-served chain — is not addressed in the available knowledge sources. This is a TLS/PKI compatibility issue between Node.js 24's bundled OpenSSL trust store and the certificate chain provisioned for your custom domain, which is outside the scope of what's documented here.

Recommended next steps

  • Contact Convex support directly at [email protected], as custom domain issues are explicitly mentioned as their support channel. [Custom Domains]
  • You may also want to check whether the AAA Certificate Services root is included in Node.js 24's bundled CA bundle, as this is a Node.js/OpenSSL trust store question rather than a Convex-specific one.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: