Common SSL Issues on Python and How to Fix it

John Doe ·

2351 Views

SSL certificate_verify_failed errors typically occur as a result of outdated Python default certificates or invalid root certificates.

When client receives the server’s certificate, it begins chaining that certificate back to its root. It will begin by following the chain to the intermediate that has been installed, from there it continues tracing backwards until it arrives at a trusted root certificate.

If the certificate is valid and can be chained back to a trusted root, it will be trusted. If it can’t be chained back to a trusted root, the browser will issue a warning about the certificate.

 

Common issues : 

  • CERTIFICATE_VERIFY_FAILED
  • [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate.
HTTPSConnectionPool(host='oriel.com' , port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

 

How to fix it : 

We will have several ways to fix this issue in this article.  We will skip the SS certificate check in the first three solutions.  For the fourth solution, we are going to install the latest CA certificate from certifi.

Common Quick Fixes for All OS :

import ssl 
import certifi from urllib.request 
import urlopen 

request = "https://nd-123-456-789.p2pify.com/901c7d18b72538fd3324248e1234"
urlopen(request, context=ssl.create_default_context(cafile=certifi.where()))

 

Or we can try it in several ways as per in below articles

1. Create unverified context in SSL

import ssl
context = ssl._create_unverified_context()
urllib.request.urlopen(req,context=context)

 

2. Create unverified https context in SSL

import ssl
ssl._create_default_https_context = ssl._create_unverified_context
urllib2.urlopen(“https://google.com”).read()

 

3. Use requests module and set ssl verify to false

requests.get(url, headers=Hostreferer,verify=False)

* It's not recommended to use verify=False in your organization's environments. This is essentially disabling SSL verification.

Sometimes, when you are behind a company proxy, it replaces the certificate chain with the ones of Proxy. Adding the certificates in cacert.pem used by certifi should solve the issue. I had similar issue. Here is what I did, to resolve the issue -

  1. Find the path where cacert.pem is located -

Install certifi, if you don't have. Command: pip install certifi

import certifi
certifi.where()
C:\\Users\\[UserID]\\AppData\\Local\\Programs\\Python\\Python37-32\\lib\\site-packages\\certifi\\cacert.pem
  1. Open the URL on a browser. Download the chain of certificates from the URL and save as Base64 encoded .cer files.

  2. Now open the cacert.pem in a notepad and just add every downloaded certificate contents (---Begin Certificate--- *** ---End Certificate---) at the end.

 

4. Update SSL certificate with PIP

It is likely that the SSL certificate issued by the server is not trusted on your client. To fix this, you can either use a trusted certificate from a recognized certificate authority on the API end, or add the certificate authority from your API to your client. if the error stay, try these commands to update your SSL certificate libs With PIP. All we would have to do is to update our SSL certificate directory with the following piece of code:

if older version of python3

pip install –upgrade certifi

if newer version of python3

python -m pip install --upgrade certifi

What this command does is update our system’s SSL certificate directory.

This will ensure that your client has the latest version of the library, which includes a set of trusted root certificates that may be needed to verify SSL certificates.

 

5. Update SSL certificate with certifi (MacOS only)

All we would have to do is to run command with the following piece of code:

- Press "command + space" button or open Spotlight
- type "Install Certificates.command"

What this command does is update our system’s SSL certificate directory for MacOS.

 

https://support.chainstack.com/hc/en-us/articles/9117198436249-Common-SSL-Issues-on-Python-and-How-to-Fix-it

here is my code import requests; url='that website'; headers={ 'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8', 'Accept-Language':'zh-CN,zh;q=0....
I am trying to make an HTTPS request to a URL using Python requests library and certifi library as follows: import certifi url = 'https://10.0.0.39:4455/api/cars' response = requests.get(url, verify=
Python Django error: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)> Exception Location: /usr/lib/python3.8/u...
When sending a request to a specific URL I get an SSL error and I am not sure why. First please see the error message I am presented with: requests.exceptions.SSLError: HTTPSConnectionPool(host='di...
I am attempting to scrape text off of websites, and I am using the requests module to do so. With the given code (Facebook as an example here) requests.get('http://facebook.com') I receive back the

ssl python