github-starred/actual
2
0
Fork 0
mirror of https://github.com/actualbudget/actual.git synced 2026-05-06 15:12:35 -05:00
Code Issues 1.5k Packages Projects Releases 54 Wiki Activity

[Bug]: Electron App cannot sign in with self-signed certs when cert contains non-English alphabet characters. #1867

New Issue
Open
opened 2026-02-28 19:56:42 -06:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-02-28 19:56:42 -06:00
Owner
Copy Link

Originally created by @StoobertB on GitHub (Feb 16, 2025).

Verified issue does not already exist?

  • I have searched and found no existing issue

What happened?

I cannot confirm this on any other OS other than Windows 10 and Windows 11.

When trying to sign in to a self-hosted server protected by a self-signed certificate, you are prompted to provide the CA certificate to validate the server.
If the certificate is named, OR resides in a folder on the OS containing a character not present in the English alphabet (ø å æ õ for example) then the certificate cannot be imported and login fails.

Opening the developer tools shows a pair of traces as follows:

File name containing a European character:

Server Log: Warning: Ignoring extra certs from `C:\hello\internalæ.crt`, load failed: 
error:02000002:system library:OPENSSL_internal:No such file or directory

Folder name containing a European character:

Server Log: Warning: Ignoring extra certs from `C:\hellõ\internal.crt`, load failed:
error:02000003:system library:OPENSSL_internal:No such process

Server Log: TypeError: fetch failed
    at node:internal/deps/undici/undici:12345:11
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async lf (C:\Program Files\WindowsApps\actualbudget.org.ActualBudget_25.2.1.0_x64__6q3amkrs0bv0p\app\resources\app.asar\build\loot-core\lib-dist\electron\bundle.desktop.js:83:5067)
    at async Eu.subscribe-needs-bootstrap (C:\Program Files\WindowsApps\actualbudget.org.ActualBudget_25.2.1.0_x64__6q3amkrs0bv0p\app\resources\app.asar\build\loot-core\lib-dist\electron\bundle.desktop.js:313:4561) {
  cause: Error: unable to verify the first certificate
      at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34)
      at TLSSocket.emit (node:events:518:28)
      at TLSSocket._finishInit (node:_tls_wrap:1085:8)
      at ssl.onhandshakedone (node:_tls_wrap:871:12) {
    code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE'
  }
}

Moving the certificate to another folder and ensuring the filename doesn't contain these characters works as expected.

How can we reproduce the issue?

Attempt to import a self-signed certificate containing å, ø, æ, õ, ã, or similar character from outside of the US alphabet.

Where are you hosting Actual?

Docker

What browsers are you seeing the problem on?

Desktop App (Electron)

Operating System

Windows 11

Originally created by @StoobertB on GitHub (Feb 16, 2025). ### Verified issue does not already exist? - [x] I have searched and found no existing issue ### What happened? I cannot confirm this on any other OS other than Windows 10 and Windows 11. When trying to sign in to a self-hosted server protected by a self-signed certificate, you are prompted to provide the CA certificate to validate the server. If the certificate is named, OR resides in a folder on the OS containing a character not present in the English alphabet (ø å æ õ for example) then the certificate cannot be imported and login fails. Opening the developer tools shows a pair of traces as follows: File name containing a European character: ```bash Server Log: Warning: Ignoring extra certs from `C:\hello\internalæ.crt`, load failed: error:02000002:system library:OPENSSL_internal:No such file or directory ``` Folder name containing a European character: ```bash Server Log: Warning: Ignoring extra certs from `C:\hellõ\internal.crt`, load failed: error:02000003:system library:OPENSSL_internal:No such process ``` ```bash Server Log: TypeError: fetch failed at node:internal/deps/undici/undici:12345:11 at process.processTicksAndRejections (node:internal/process/task_queues:95:5) at async lf (C:\Program Files\WindowsApps\actualbudget.org.ActualBudget_25.2.1.0_x64__6q3amkrs0bv0p\app\resources\app.asar\build\loot-core\lib-dist\electron\bundle.desktop.js:83:5067) at async Eu.subscribe-needs-bootstrap (C:\Program Files\WindowsApps\actualbudget.org.ActualBudget_25.2.1.0_x64__6q3amkrs0bv0p\app\resources\app.asar\build\loot-core\lib-dist\electron\bundle.desktop.js:313:4561) { cause: Error: unable to verify the first certificate at TLSSocket.onConnectSecure (node:_tls_wrap:1674:34) at TLSSocket.emit (node:events:518:28) at TLSSocket._finishInit (node:_tls_wrap:1085:8) at ssl.onhandshakedone (node:_tls_wrap:871:12) { code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' } } ``` Moving the certificate to another folder and ensuring the filename doesn't contain these characters works as expected. ### How can we reproduce the issue? Attempt to import a self-signed certificate containing å, ø, æ, õ, ã, or similar character from outside of the US alphabet. ### Where are you hosting Actual? Docker ### What browsers are you seeing the problem on? Desktop App (Electron) ### Operating System Windows 11
GiteaMirror added the electronbug labels 2026-02-28 19:56:42 -06:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
Mirrored from GitHub Pull Request
 regression
reports
responsive
rules
schedules
server
merged
split transactions
tech debt
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
approved
wontfix
No Label bug electron
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/actual#1867
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?