[SOLVED] request to https://api-m.sandbox.paypal.com/v1/oauth2/token failed, reason: unable to get local issuer certificate, nodejs, cPanel

request to https://api-m.sandbox.paypal.com/v1/oauth2/token failed, reason: unable to get local issuer certificate, nodejs, cPanel

I'm creating a nodejs app with paypal buttons. The app works on local computer just fine, but I have problems with integrating it with cPanel. The application works as a server behind the passenger reverse port binding and tries to fetch data from PayPal. I'm following paypal standard integration from https://github.com/paypal-examples/docs-examples/tree/main/standard-integration which uses node-fetch to fetch data from PayPal. And got an error on trying to create a token when the user initiates payment by clicking a PayPal 'buy now' button:

request to https://api-m.sandbox.paypal.com/v1/oauth2/token failed, reason: unable to get local issuer certificate

I've tried to resolve this error by installing syswide-cas module (which should allow me to load a whole directory with SSL certificates provided by cPanel (/ssl/certs)) but got a similar error from npm:

37 silly fetch manifest syswide-cas@^5.3.0
38 timing arborist:ctor Completed in 0ms
39 silly placeDep ROOT syswide-cas@ OK for: @paypalcorp/standard-integration@1.0.0 want: ^5.3.0
40 timing idealTree:#root Completed in 70142ms
41 timing idealTree:node_modules/syswide-cas Completed in 0ms
42 timing idealTree:buildDeps Completed in 70144ms
43 timing idealTree:fixDepFlags Completed in 1ms
44 timing idealTree Completed in 70255ms
45 timing command:install Completed in 70267ms
46 verbose type system
47 verbose stack FetchError: request to https://registry.npmjs.org/syswide-cas failed, reason: unable to get local issuer certificate
47 verbose stack     at ClientRequest.<anonymous> (/opt/alt/alt-nodejs18/root/usr/lib/node_modules/npm/node_modules.bundled/minipass-fetch/lib/index.js:130:14)
47 verbose stack     at ClientRequest.emit (node:events:513:28)
47 verbose stack     at TLSSocket.socketErrorListener (node:_http_client:502:9)
47 verbose stack     at TLSSocket.emit (node:events:525:35)
47 verbose stack     at emitErrorNT (node:internal/streams/destroy:151:8)
47 verbose stack     at emitErrorCloseNT (node:internal/streams/destroy:116:3)
47 verbose stack     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
49 verbose Linux 4.18.0-425.19.2.lve.el7h.x86_64
50 verbose node v18.16.0
51 verbose npm  v9.5.1
52 error code UNABLE_TO_GET_ISSUER_CERT_LOCALLY
53 error errno UNABLE_TO_GET_ISSUER_CERT_LOCALLY
54 error request to https://registry.npmjs.org/syswide-cas failed, reason: unable to get local issuer certificate

How to solve this issue either using syswide-cas module or not? I don't have access to a console on cPanel and don't want to use unsafe practices.

Solution

Problem solved without syswide-cas module.

What was needed was ca cert bundle ( for example one form curl.se/docs/caextract.html as Preston PHX suggested in their comment)

and SSL_CERT_FILE variable in the .env file with path to the ca cert bundle as a value.

.env:

SSL_CERT_FILE="./cacert.pem"