Worker Fetch "certificate is not trusted"

"TLS peer’s certificate is not trusted; reason = unable to get local issuer certificate "
worker fetch returns this error . But the site seems “OK” at other browsers.

How can I solve it, thanks .

Do you get the same error after deploying the Worker? The preview feature works differently from production.

Yes, I am still getting it. I got me “SSL Error” on preview environment . But in Production after deploy it never responds as in pitcture.

no responding to this line of command .

Could you share the URL you’re trying to fetch()?

Yes, I can share some of them .

async function handleRequest(request) {
const init = {
      method: 'POST',
      headers: {
        'content-type': 'application/x-www-form-urlencoded',
        'Authorization': "Basic Something"

const token = await fetch("", init);       
const results = await gatherResponse(token);
return new Response(JSON.stringify({success:true,results:results}), {
      headers: { 
          "Content-Type": "application/json",
          "Cache-Control": "public, max-age=0, s-maxage=0",
async function gatherResponse(response) {
  const { headers } = response;
  const contentType = headers.get('content-type') || '';
  if (contentType.includes('application/json')) {
    return JSON.stringify(await response.json());
  } else if (contentType.includes('application/text')) {
    return response.text();
  } else if (contentType.includes('text/html')) {
    return response.text();
  } else {
    return response.text();

Hi again. Thanks for sharing the URL!

I’ve run some tests and it appears Cloudflare is overriding the port to 80 and 443 for http:// and https:// respectively. This means when you try to fetch, the request will actually be sent to port 443 - and port 443 on is not responding. I believe this limitation is for security reasons.

The solution to this problem is creating a DNS record in Cloudflare that points to the IP of and then use that domain in your fetch call. This is because you are free to use any port when the target domain is in your zone. The only other solution, as far as I’m aware, is to simply make your web-server listen on port 443.

1 Like

Thank you for your explanation and solution. And also I agree to your solutions to this problem. But unfortunately it was about 3rd party payment company’s api and I am not able to proxy their ip according to terms.

I am trying to the alternatives such as google cloud functions.
Thank you so much and appreciate for your help.

1 Like