Solving Python SSL certificate verify failed on Linux / SGE
source link: https://chanind.github.io/python/2023/08/30/python-ssl-certificate-verify-failed.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Solving Python SSL certificate verify failed on Linux / SGE
Aug 30, 2023
On a system I’ve been working on I’ve been plagued by SSL errors whenever Python would try to download something from the internet. I know it’s possible to edit the requests to not verify SSL certs, but this is code in a third-party library (e.g. nltk.download
) which I cannot edit easily. And even if I could, it’s unsettling to disable SSL verification since that opens you up to potentiall man-in-the-middle attacks. The errors would look something like below:
urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed:
unable to get local issuer certificate (_ssl.c:1002)
I didn’t have any luck following most of what I found on Stack Overflow to solve this issue, but eventually stumbled on a solution combining ideas from Redhat’s guide to Python cert errors, and a Stack Overlow answer. Specifically, I needed to install certifi certs via pip install certifi
, but this was not enough. I then needed to set an ENV var called SSL_CERT_FILE
to the location of the certs installed via certifi. I don’t know why Python wasn’t using these certs automatically as it should have been, but this solved the issue for me.
The full steps I took are as follows:
pip install certifi
Next, in Python, find the certifi install location by running
from requests.utils import DEFAULT_CA_BUNDLE_PATH
print(DEFAULT_CA_BUNDLE_PATH)
# /path/to/python/site-packages/certifi/cacert.pem
Note the output of the above cacert.pem
file, and add the following to .bashrc
(or .bash_profile
or .zshrc
, etc… depending on your system).
export SSL_CERT_FILE=/path/to/python/site-packages/certifi/cacert.pem
Of course, in the above make sure you use that actual path to cacert.pem on your system.
Next, restart the terminal and hopefully everything should work!
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK