mirror of
https://github.com/actualbudget/actual.git
synced 2026-07-16 07:04:23 -05:00
Closed
opened 2026-05-29 11:52:49 -05:00 by GiteaMirror
·
18 comments
No Branch/Tag Specified
master
dependabot/npm_and_yarn/npm_and_yarn-cd62b4b37a
api-browser-custom-data-dir
tabedzki/feat/replacing-month-picker-with-day-picker
delay-initial-sync-until-loaded
jfdoming/mobile-app-build
cross-version-sync-compat
jfdoming/api-tokens-part-1
jfdoming/api-tokens-part-2
jfdoming/api-tokens-part-3
jfdoming/mobile-app-updates
claude/budget-version-migration-compat-151jlr
claude/worker-error-serialization-9iqtl7
claude/react-table-library-research-afx83z
claude/issue-8401-regression-test-9nw9l3
jfdoming/mobile-app-foundation-part-1
jfdoming/mobile-app-scaffold
release
ai-fix-cleanup-def-8290
claude/relaxed-shannon-jusywa
claude/fervent-keller-s6f2fq
claude/determined-feynman-st1y9z
claude/wizardly-einstein-vi2wce
claude/sweet-albattani-7nseio
feat/bank-sync-per-budget-file
claude/affectionate-cannon-y0kc82
claude/dependabot-findings-m9pgmb
claude/mac-app-ios-publish-zjs1lz
claude/vigilant-tesla-aiiyos
depot-migrate-secrets-1781296330308
claude/quirky-cerf-v5qck7
claude/animation-removal-alternative-2etfh1
claude/netlify-preview-comments-consolidate-9XPYa
osc/7391-error-boundaries-reports
claude/pensive-dijkstra-7DYui
claude/server-app-version-mismatch-HTCGv
claude/pr-8027-review-feedback-mELuO
claude/zealous-wozniak-e5pO0
claude/intelligent-heisenberg-BSHJq
claude/translation-download-refactor-jFRsO
claude/mobile-performance-ideas-G9PAO
claude/github-issue-7988-5A5ly
blacksmith-migration-ff70d2d
claude/great-mayer-KRvOk
claude/react-native-ios-compilation-fcJh5
claude/serene-goldberg-58xv0
claude/kind-euler-LVG3K
release-automation/edge-nightly
7710-bundle-migrations
claude/fix-docker-build-error-WMfed
claude/llm-compatible-release-notes-t20Nr
7710-tests-tdd
cursor/transaction-table-rewrite-f077
claude/plan-ci-secure-context-OtEe1
claude/fix-issue-7667-DPXi3
cursor/resolve-pr-7449-ee11
claude/fix-typescript-build-error-JPtZ5
copilot/add-repository-configs-to-packages
worktree-compressed-drifting-ritchie
claude/api-consumer-verification-kfz1K
pr-7454
claude/fix-issue-7410-LLLQ4
revert-7281-generate-icons
react-query-useSchedules
copilot/sub-pr-6140
package-upgrades
v26.7.0
v26.6.0
v26.5.2
v26.5.1
v26.5.0
v26.4.0
v26.3.0
v26.2.1
v26.2.0
v26.1.0
v25.12.0
v25.11.0
v25.10.0
v25.9.0
v25.8.0
v25.7.1
v25.7.0
v25.6.1
v25.6.0
v25.5.0
v25.4.0
v25.3.1
v25.3.0
v25.2.1
v25.2.0
v25.1.0
v24.12.0
v24.11.0
v24.10.1
v24.10.0
v24.9.0
v24.8.0
v24.7.0
v24.6.0
v24.5.0
v24.4.0
v24.3.0
v24.2.0
v24.1.0
v23.12.0
v23.11.0
v23.10.0
v23.9.0
v23.8.1
v23.8.0
v23.7.2
v23.7.1
v23.7.0
v23.6.0
v23.5.0
v23.4.2
v23.4.1
v23.4.0
v23.3.2
v23.3.0
v23.2.9
v23.2.5
v23.1.12
v22.12.9
Labels
Clear labels
AI generated
API
bank sync
budgeting
bug
can’t replicate
dependencies
docker
documentation
electron
experimental feature
feature
feedback
goal templates
good first issue
help wanted
importers
maintenance
needs info
needs testing
needs triage
needs votes
openid
payees
pull-request
regression
reports
responsive
rules
schedules
server
✨ merged
split transactions
tech debt
tech-support
theme
transaction import
transaction reconciliation
transactions
translations
upstream
user interface
✅ approved
wontfix
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/actual#98765
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @atrueresistance on GitHub (Aug 22, 2024).
Original GitHub issue: https://github.com/actualbudget/actual/issues/3304
Verified issue does not already exist?
What happened?
I'm having an issue with the web server connecting to the desktop application.
The server is up and running using HTTPS and a self signed cert.

Having a self signed cert, you would normally be prompted in Chrome stating that the certificate is not valid. It's probably not the best way to go about it, but if you add it to the Trusted Root Certification Authorities for the current user Chrome inherently trusts it solving the warning. At least on the local machine for the current logged on user. I don't intend on opening the server to the outside, just LAN connection is good enough for me.

The desktop application is being ran on the same machine and user that the certificate was added to the Trusted Root Certification Authorities store.
Where are you hosting Actual?
Docker
What browsers are you seeing the problem on?
Desktop App (Electron)
Operating System
Windows 11
@MikesGlitch commented on GitHub (Aug 22, 2024):
Confirmed - I'm seeing this also. This may be tricky - we do n't want to turn off TLS validation for security reasons. Having said that, disabling it does work:
Anyone got any thoughts on the best approach here?
@psybers commented on GitHub (Aug 22, 2024):
https://stackoverflow.com/questions/38986692/how-do-i-trust-a-self-signed-certificate-from-an-electron-app
@atrueresistance commented on GitHub (Aug 22, 2024):
I'll start of with I know nothing of electron apps. I do agree that TLS validation off is not the default way to ship.
I'm not sure how much work it would be, but would it be possible to have a configuration item in the desktop app that whitelists a specific certificate serial number?
https://www.electronjs.org/docs/latest/api/session#sessetcertificateverifyprocproc
If the certificate is installed in the current user's certificate store can the desktop app use is directly from the store?
@MikesGlitch commented on GitHub (Aug 22, 2024):
We have a bit of an odd setup, we run our loot-core server process (that calls the API and gets the error) in a forked process.
I think that means the session's setCertificateVerifyProc won't pick it up.
Maybe we can configure node-fetch for Electron to figure out the root store 🤔
@MikesGlitch commented on GitHub (Aug 24, 2024):
I have a draft pr up - as expected the electron setCertificateVerifyProc wont work. The only way to make it work is for the user to specify the cert that they want to trust.
@atrueresistance How did you generate your cert? I used makecert to test but want to make sure it also works on your config.
@atrueresistance commented on GitHub (Aug 24, 2024):
@MikesGlitch I used the same command as in the documentation except with a subject alternative name to match the hostname.
openssl req -x509 -nodes -days 365 -addext "subjectAltName = DNS:orangepi3-lts" -newkey rsa:2048 -keyout selfhost.key -out selfhost.crt@MikesGlitch commented on GitHub (Aug 24, 2024):
Thanks, I have a build here: https://github.com/actualbudget/actual/actions/runs/10541997136/job/29208287390?pr=3308
Can you confirm if it fixes this issue? If you try it, don't forget to backup your budget first.
@atrueresistance commented on GitHub (Aug 26, 2024):
This app package’s publisher certificate could not be verified. Contact your system administrator or the app developer to obtain a new app package with verified certificates. The root certificate and all immediate certificates of the signature in the app package must be verified (0x800B010A)@MikesGlitch commented on GitHub (Aug 26, 2024):
That's what we'd expect for the appx installer - it's for the windows store.
Try the "actual-electron-windows-latest" artifact, that should install as per usual.
@atrueresistance commented on GitHub (Aug 26, 2024):
Is there a link? Sorry I'm not sure where I should be looking.
@MikesGlitch commented on GitHub (Aug 26, 2024):
Ah, this is the direct link to the download: https://github.com/actualbudget/actual/actions/runs/10541997136/artifacts/1850858005
Here's the PR, if interested: https://github.com/actualbudget/actual/pull/3308
@atrueresistance commented on GitHub (Aug 27, 2024):
@MikesGlitch I was able to download the latest and get it running with the self signed cert.
Thank you so much!

@crzdg commented on GitHub (Aug 27, 2024):
Nice. I will soon test this as well. Im using Caddy as proxy, so a short-lived certificate. Can I trust the Intermediate / Root, so the short-lived signed certs work?
@MikesGlitch commented on GitHub (Aug 28, 2024):
I'm not too familiar with Caddy so couldn't say. You can trust a certificate that is locally on the PC that is .crt or .pem format.
@MikesGlitch commented on GitHub (Aug 28, 2024):
Closed by https://github.com/actualbudget/actual/pull/3308
@wgregbrown commented on GitHub (Mar 16, 2025):
Is there anywhere to still get the desktop client that will work with self signed certs. @MikesGlitch put a link
https://github.com/actualbudget/actual/actions/runs/10541997136/job/29208287390?pr=3308
But its empty now.
@MikesGlitch commented on GitHub (Mar 17, 2025):
The latest release has it. You can get it from the GitHub releases page
On Sun, 16 Mar 2025, 23:19 wgregbrown, @.***> wrote:
@neobladerunner commented on GitHub (Apr 4, 2026):
I'm experiencing this issue with latest version 26.3.0 via Flathub. I've generated a self-signed cert via mkcert and can load the app fine via the browser from any device on my network. The desktop app states:
I followed the instructions here to import the root certificate to the desktop app from the device Actual is running on, but the UI doesn't seem to do anything when I import it. Clicking on OK doesn't clear the red error message, and I can't tell if it's rejecting the cert file or not seeing it at all. I suppose I should just use the web client but wanted to try the desktop app if I could.