Unsupported certificate purpose - NextAuth - SSL in Localhost - Node server

1

7

I followed this tutorial for setting up the https in local development machine: https://dev.to/nakib/using-https-on-next-js-local-development-server-bcd

And here's the code that I used:

const { createServer } = require("https");
const { parse } = require("url");
const next = require("next");
const fs = require("fs");
const port = 3000;
const dev = process.env.NODE_ENV !== "production";
const app = next({ dev });
const handle = app.getRequestHandler();

const httpsOptions = {
    key: fs.readFileSync('/some/path/to/rootCA-key.pem'),
    cert: fs.readFileSync('/some/path/to/rootCA.pem')
};



app.prepare().then(() => {
    createServer(httpsOptions, (req, res) => {
        const parsedUrl = parse(req.url, true);
        handle(req, res, parsedUrl);
    }).listen(port, (err) => {
        if (err) throw err;
        console.log("ready - started server on url: https://localhost:" + port);
    });

});

And I am using NextAuth for authentication. Everything works fine (even the authentication) if I try to access any normal pages in my app. But if I access an API endpoint of my application, where I try to retrieve the session data using const session = await getSession({ req }), it throws the following error:

[next-auth][error][CLIENT_FETCH_ERROR] 
https://next-auth.js.org/errors#client_fetch_error request to https://localhost:3000/api/auth/session failed, reason: unsupported certificate purpose {
  error: {
    message: 'request to https://localhost:3000/api/auth/session failed, reason: unsupported certificate purpose',

I believe it's because of the SSL certificate that I set up. I checked the link mentioned in the error message and NEXTAUTH_URL in the env file is correct. Is there any way to bypass this issue?

Trover answered 4/10, 2021 at 7:55 Comment(0)
9

next-auth doesn't trust the self-signed cert, even when making API calls internally.
The quickest fix is to add NODE_TLS_REJECT_UNAUTHORIZED=0 to .env.local, but don't do this in production.

// Somehow NODE_EXTRA_CA_CERTS=/path/to/selfsigned.crt never worked for me.

Palter answered 20/4, 2022 at 3:5 Comment(1)
Thanks! Adding the NODE_TLS_REJECT_UNAUTHORIZED=0 to my .env.development indeed solved this for Duende IdentityServer on localhost - Himmler
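
An added example, not part of the original question or answer: a pre-flight check for a local HTTPS dev server that flags a CA certificate being served as the server certificate (the question's httpsOptions loads rootCA.pem and rootCA-key.pem) and flags NODE_TLS_REJECT_UNAUTHORIZED=0. OpenSSL reports "unsupported certificate purpose" when the presented certificate is not valid for TLS server use. The function names and sample objects are hypothetical; `ca` and `keyUsage` are properties of Node's crypto.X509Certificate.

```javascript
// Added example (not from the original post): pre-flight checks for a local HTTPS dev server.
const { X509Certificate } = require("crypto");
const fs = require("fs");

const EKU_SERVER_AUTH = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth

// Accepts a crypto.X509Certificate, or any object with the same `ca` and
// `keyUsage` fields. Returns a list of problems; an empty list means none found.
function serverCertProblems(cert) {
    const problems = [];
    if (cert.ca === true) {
        problems.push("certificate is a CA certificate, not a server (leaf) certificate");
    }
    const eku = cert.keyUsage; // Node exposes the *extended* key usages here, as OID strings
    if (Array.isArray(eku) && eku.length > 0 && !eku.includes(EKU_SERVER_AUTH)) {
        problems.push("extended key usage does not include serverAuth");
    }
    return problems;
}

// Flags the process-wide switch that disables certificate verification.
function tlsEnvProblems(env) {
    const problems = [];
    if (env.NODE_TLS_REJECT_UNAUTHORIZED === "0") {
        problems.push(env.NODE_ENV === "production"
            ? "NODE_TLS_REJECT_UNAUTHORIZED=0 in production: certificate verification is disabled"
            : "NODE_TLS_REJECT_UNAUTHORIZED=0: outbound TLS verification is off for this whole process");
    }
    return problems;
}

// Parses the PEM file that would be passed as `cert` in httpsOptions and runs both checks.
function preflight(certPath, env = process.env) {
    const cert = new X509Certificate(fs.readFileSync(certPath));
    return [...serverCertProblems(cert), ...tlsEnvProblems(env)];
}

// Constructed stand-ins for parsed certificates (not real certificate data).
const SAMPLE_ROOT_CA = { ca: true, keyUsage: undefined };
const SAMPLE_LEAF = { ca: false, keyUsage: [EKU_SERVER_AUTH] };

// Usage: node preflight.js /path/to/server-cert.pem
if (process.argv[2] && require.main === module) {
    const problems = preflight(process.argv[2]);
    problems.forEach((p) => console.error("WARN: " + p));
    process.exitCode = problems.length ? 1 : 0;
}
```
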
