Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSLCertVerificationError #8200

Closed
dbirdflyshi opened this issue May 6, 2020 · 12 comments
Closed

SSLCertVerificationError #8200

dbirdflyshi opened this issue May 6, 2020 · 12 comments

Comments

@dbirdflyshi
Copy link

Windows 10 Anaconda

  • pip version: 20.0.2
  • Python version: 3.7
  • OS: Windows 10

Description
pip is giving an error only on my work laptop when I try to use pip. When i try to install any package using pip install X it gives an error about SSL error certificate verify failed. I need to know what I can give to IT for them to unblock in order for everyone on my network to be able to update and install packages. Adding --trusted-host pypi.org --trusted-host files.pythonhosted.org did not work and is not a viable solution for a corporation wide issue.

Expected behavior
I expect pip to properly install or update packages

How to Reproduce
writing 'pip install

Output

verbose output from running pip install

(base) C:\Users\andersd1>pip --verbose install pyrfc
Non-user install because site-packages writeable
Created temporary directory: C:\Users\andersd1\AppData\Local\Temp\1\pip-ephem-wheel-cache-t_glrgqz
Created temporary directory: C:\Users\andersd1\AppData\Local\Temp\1\pip-req-tracker-b0yj_681
Initialized build tracking at C:\Users\andersd1\AppData\Local\Temp\1\pip-req-tracker-b0yj_681
Created build tracker: C:\Users\andersd1\AppData\Local\Temp\1\pip-req-tracker-b0yj_681
Entered build tracker: C:\Users\andersd1\AppData\Local\Temp\1\pip-req-tracker-b0yj_681
Created temporary directory: C:\Users\andersd1\AppData\Local\Temp\1\pip-install-crb50bd0
1 location(s) to search for versions of pyrfc:
* https://pypi.org/simple/pyrfc/
Fetching project page and analyzing links: https://pypi.org/simple/pyrfc/
Getting page https://pypi.org/simple/pyrfc/
Found index url https://pypi.org/simple
Getting credentials from keyring for https://pypi.org/simple
Getting credentials from keyring for pypi.org
Looking up "https://pypi.org/simple/pyrfc/" in the cache
Request header has "max_age" as 0, cache bypassed
Starting new HTTPS connection (1): pypi.org:443
https://pypi.org:443 "GET /simple/pyrfc/ HTTP/1.1" 304 0
  Found link https://files.pythonhosted.org/packages/85/0b/fa0f8f7015907de5cd56570bd73e82163c91b423ea07c7a0ea2c93ccee75/pyrfc-0.1.0.tar.gz#sha256=9754db87ad27911b8e6c68d68418ed373ed3e24110d8ee60bdfdba64574d2d25 (from https://pypi.org/simple/pyrfc/), version: 0.1.0
  Found link https://files.pythonhosted.org/packages/39/38/35b4202d1267278d1d555b22e3618387175959ba80460ded3bb68d5b888b/pyrfc-0.1.1.tar.gz#sha256=ca44fbef87866ed5acbf16228e92db6a074c8f2b86d6fdca7b39a84d63bf3916 (from https://pypi.org/simple/pyrfc/), version: 0.1.1
  Found link https://files.pythonhosted.org/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz#sha256=101ab6ac5c99025caf8d2f1e728dac1650d9b8a8c584120c670bc9ff32977578 (from https://pypi.org/simple/pyrfc/), version: 0.1.2
Given no hashes to check 3 links for project 'pyrfc': discarding no candidates
Using version 0.1.2 (newest of versions: 0.1.0, 0.1.1, 0.1.2)
Collecting pyrfc
  Created temporary directory: C:\Users\andersd1\AppData\Local\Temp\1\pip-unpack-18tpdz6f
  Getting credentials from keyring for files.pythonhosted.org
  Looking up "https://files.pythonhosted.org/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz" in the cache
  No cache entry available
  Starting new HTTPS connection (1): files.pythonhosted.org:443
  Incremented Retry for (url='/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz'): Retry(total=4, connect=None, read=None, redirect=None, status=None)
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz
  Starting new HTTPS connection (2): files.pythonhosted.org:443
  Incremented Retry for (url='/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz'): Retry(total=3, connect=None, read=None, redirect=None, status=None)
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz
  Starting new HTTPS connection (3): files.pythonhosted.org:443
  Incremented Retry for (url='/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz'): Retry(total=2, connect=None, read=None, redirect=None, status=None)
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz
  Starting new HTTPS connection (4): files.pythonhosted.org:443
  Incremented Retry for (url='/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz'): Retry(total=1, connect=None, read=None, redirect=None, status=None)
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz
  Starting new HTTPS connection (5): files.pythonhosted.org:443
  Incremented Retry for (url='/packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz'): Retry(total=0, connect=None, read=None, redirect=None, status=None)
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)'))': /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz
  Starting new HTTPS connection (6): files.pythonhosted.org:443
ERROR: Could not install packages due to an EnvironmentError.
Traceback (most recent call last):
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 672, in urlopen
    chunked=chunked,
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 376, in _make_request
    self._validate_conn(conn)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 994, in _validate_conn
    conn.connect()
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connection.py", line 394, in connect
    ssl_context=context,
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\util\ssl_.py", line 370, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\ssl.py", line 423, in wrap_socket
    session=session
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\ssl.py", line 870, in _create
    self.do_handshake()
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\requests\adapters.py", line 449, in send
    timeout=timeout
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 760, in urlopen
    **response_kw
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 760, in urlopen
    **response_kw
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 760, in urlopen
    **response_kw
  [Previous line repeated 2 more times]
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\connectionpool.py", line 720, in urlopen
    method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\urllib3\util\retry.py", line 436, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
pip._vendor.urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\commands\install.py", line 331, in run
    resolver.resolve(requirement_set)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\legacy_resolve.py", line 177, in resolve
    discovered_reqs.extend(self._resolve_one(requirement_set, req))
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\legacy_resolve.py", line 333, in _resolve_one
    abstract_dist = self._get_abstract_dist_for(req_to_install)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\legacy_resolve.py", line 282, in _get_abstract_dist_for
    abstract_dist = self.preparer.prepare_linked_requirement(req)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\operations\prepare.py", line 482, in prepare_linked_requirement
    hashes=hashes,
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\operations\prepare.py", line 287, in unpack_url
    hashes=hashes,
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\operations\prepare.py", line 159, in unpack_http_url
    link, downloader, temp_dir.path, hashes
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\operations\prepare.py", line 299, in _download_http_url
    download = downloader(link)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\network\download.py", line 189, in __call__
    resp = _http_get_download(self._session, link)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\network\download.py", line 157, in _http_get_download
    stream=True,
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\requests\sessions.py", line 546, in get
    return self.request('GET', url, **kwargs)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_internal\network\session.py", line 405, in request
    return super(PipSession, self).request(method, url, *args, **kwargs)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\requests\sessions.py", line 533, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\requests\sessions.py", line 646, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\cachecontrol\adapter.py", line 53, in send
    resp = super(CacheControlAdapter, self).send(request, **kw)
  File "C:\Users\andersd1\AppData\Local\Continuum\anaconda3\lib\site-packages\pip\_vendor\requests\adapters.py", line 514, in send
    raise SSLError(e, request=request)
pip._vendor.requests.exceptions.SSLError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/94/34/9a2118bb4c4ba176075179385e06226b5225be338ba7e2216283e767df64/pyrfc-0.1.2.tar.gz (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)')))
Cleaning up...
Removed build tracker: 'C:\\Users\\andersd1\\AppData\\Local\\Temp\\1\\pip-req-tracker-b0yj_681'
@triage-new-issues triage-new-issues bot added the S: needs triage Issues/PRs that need to be triaged label May 6, 2020
@joo0ne
Copy link

joo0ne commented Jun 7, 2020

Same issue. I fixed it by updating requests and certifi with trusted-host option:
python -m pip install --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --trusted-host pypi.org --upgrade pip requests certifi

@adi928
Copy link

adi928 commented Jun 9, 2020

After a whole day of googling, I realized that this is still an existing problem and that the widespread solution of --trusted-host is not working behind a corporate network. Following is a run of one of the pip installs which I've tried and the corresponding output:
python -m pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --upgrade pip requests certify

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/pip/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/pip/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/pip/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/pip/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))) - skipping
Requirement already up-to-date: pip in c:\users\anath\appdata\local\programs\python\python38-32\lib\site-packages (19.2.3)
Collecting requests
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/requests/
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/requests/
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/requests/
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/requests/
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))': /simple/requests/
  Could not fetch URL https://pypi.org/simple/requests/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/requests/ (Caused by SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))) - skipping
  ERROR: Could not find a version that satisfies the requirement requests (from versions: none)
ERROR: No matching distribution found for requests
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: UNEXPECTED_MESSAGE] unexpected message (_ssl.c:1108)'))) - skipping

One thing different with my situation that the rest of the world's problem is that I have not been getting SSL: CERTIFICATE_VERIFY_FAILED. But it is SSL: UNEXPECTED_MESSAGE, which leads me to believe trusted-host is not the fix.

@kwinz
Copy link

kwinz commented Feb 1, 2022

@adi928 I have the same issue with UNEXPECTED_MESSAGE. Did you ever find a fix?

@fredericoschardong
Copy link

Same here, any luck @kwinz or @adi928 ?

@adi928
Copy link

adi928 commented Mar 19, 2022

Same here, any luck @kwinz or @adi928 ?
@adi928 I have the same issue with UNEXPECTED_MESSAGE. Did you ever find a fix?

I eventually spun up my own server with the wheel/package hosted in it, (using the python httpServer) and used that to install stuff. Not exactly a fix, but a workaround.

@fredericoschardong
Copy link

Thanks @adi928. My issue was with the system's openssl lib. Fixed that and everything worked.

@longhibianca
Copy link

Same here, in a corporate network. I tried a lot of commands using --trusted-host, but didn't work. I created a pip.ini in C:\programdata\pip and put this lines, but didn't work too:
[global]
cert =C:\Users\bianca\AppData\Local\Programs\Python\Python39\Lib\site-packages\pip_vendor\certifi\cacert.pem
trusted-host = pypi.python.org
pypi.org
files.pythonhosted.org

I verified and exists cacert.pem on the machine.
@fredericoschardong can you tell me how you fixed the problem with openssl lib, please?

I have been getting SSL: CERTIFICATE_VERIFY_FAILED when uses pip command and when i've try to webscraping a page in my application.
Error:
HTTPSConnectionPool(host='url', port=443): Max retries exceeded with url: /LATEST_RELEASE_99 (Caused by SSLError(SSLCertVerificationError(1, [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c: 1091)),))

Can anyone help me?

@pradyunsg
Copy link
Member

Can anyone help me?

The best people to hel you would be your company's IT support professionals/collegues.

@longhibianca
Copy link

@pradyunsg I've searched for help, but anyone knows what to do. On last friday the application was working perfectly. The problem starts on monday. We don't know what could be happened to starts the error

@pradyunsg
Copy link
Member

Nothing changed in pip over the weekend, so this has to be related to the infrastructure that is specific to your company. I don't think that random volunteers can do much to help you diagnose issues in your company-specific infrastructure.

@fredericoschardong
Copy link

@fredericoschardong can you tell me how you fixed the problem with openssl lib, please?

My problem was that I was messing with the system's openssl. I was replacing it with another openssl implementation that messed with the algorithms. It replaced all signing algorithms (RSA, etc) with post-quantum alternatives. So my docker image could not perform a TLS handshake with any website using regular TLS.

@pradyunsg
Copy link
Member

If you're in an organisation's network and pip is having SSL issues, I recommend reaching out to your collegues and/or the folks who maintain the IT infrastructure for assistance. If you are the IT person, I suggest looking at what the SSL connection is like, what algorithms are being used and whether the correct certificates are available to pip (pip config list is useful for this). The issue is likely somewhere on the machine being used, the network connectivity or how the user has configured pip.

Finally, to reiterate what I said earlier:

I don't think that random volunteers can do much to help you diagnose issues in your company-specific infrastructure.

This was referenced Apr 8, 2022
Closed
Closed
@github-actions github-actions bot locked as resolved and limited conversation to collaborators May 9, 2022
@pradyunsg pradyunsg removed the S: needs triage Issues/PRs that need to be triaged label Mar 17, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@kwinz @adi928 @pradyunsg @fredericoschardong @longhibianca @joo0ne @dbirdflyshi