A private key was not found for a certificate.

Q: How to fix Node.js ERR_CRYPTO_KEY_NOT_FOUND A private key was not found for a certificate.?

Provide Both Certificate and Key: When creating a `tls.Server` or `https.Server`, ensure that the options object contains both the `cert` (public certificate) and the `key` (private key).

Production Risk

Low. This is a server startup error that prevents the service from listening for connections, so it is always caught before going live.

What this means

This error occurs in TLS/SSL contexts when a certificate is provided without a corresponding private key. A secure server needs both a public certificate to send to clients and a private key to decrypt their messages. This error indicates the private key is missing from the secure context.

Why it happens

1Providing a certificate to `tls.createSecureContext()` but omitting the `key`.
2The private key is in an incorrect format or is password-protected and no passphrase was provided.
3File system errors preventing the private key file from being read.

How to reproduce

This error is thrown when a secure context is being created for a TLS server or client, and the provided certificate cannot be paired with a valid private key.

trigger — this will error

const tls = require('tls');
const myCert = '...'; // Contents of a PEM certificate

try {
  // The 'key' option is missing.
  tls.createSecureContext({ cert: myCert });
} catch (err) {
  console.error(err.code);
}

expected output

ERR_CRYPTO_KEY_NOT_FOUND

Fix

Provide Both Certificate and Key

WHEN Creating a secure TLS context.

Provide Both Certificate and Key

const tls = require('tls');
const fs = require('fs');

const options = {
  cert: fs.readFileSync('path/to/cert.pem'),
  key: fs.readFileSync('path/to/key.pem')
};

const secureContext = tls.createSecureContext(options);

Why this works

When creating a `tls.Server` or `https.Server`, ensure that the options object contains both the `cert` (public certificate) and the `key` (private key).

Code examples

Triggerjs

const tls = require('tls');
const myCert = '...'; // Contents of a PEM certificate

try {
  // The 'key' option is missing.
  tls.createSecureContext({ cert: myCert });  // this triggers ERR_CRYPTO_KEY_NOT_FOUND

Handle in try/catchjs

try {
  // operation that may throw ERR_CRYPTO_KEY_NOT_FOUND
  riskyOperation()
} catch (err) {
  if (err.code === 'ERR_CRYPTO_KEY_NOT_FOUND') {
    console.error('ERR_CRYPTO_KEY_NOT_FOUND:', err.message)
  } else {
    throw err
  }
}

Defensive pattern to avoid itjs

// Validate inputs before calling the operation
function safe_err_crypto_key_not_found(...args) {
  // validate args here
  return performOperation(...args)
}

What not to do

Same error in other languages

ssl.SSLErrorin Python→

Sources

Official documentation ↗

https://github.com/nodejs/node/blob/main/src/crypto/crypto_tls.cc

More information ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformNode.js Error Codes

CodeERR_CRYPTO_KEY_NOT_FOUND

ClassCrypto

SeverityERROR

TierNotable

ConfidenceHIGH

← All Node.js errors