Login/Register
"SSL: CERTIFICATE_VERIFY_FAILED" error while using PIP [duplicate]
Asked Answered
pythonsslcmdpipcertificate
M

6

15

Since roughly a week or two ago, I've not been able to use pip at all, as it always kicks back the following error:

ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)')))

I've tested it on and off my company VPN, and even tried on my personal laptop (running Mojave, as opposed to Windows 10 on my main laptop). Both my home internet as well as a hot spot on my phone. As well, I've remoted in to one of my companie's Australian machines and was having the same problem.

I've not updated my python version (3.9.0) or pip version (20.2.3), or changed my pip usage, so just a super perplexing issue to arise suddenly. https://status.python.org/ says that everything is up too.

Is there something I am doing wrong?

Full CMD text if its helpful:

C:\Users\Caleb.Clough\Digital>pip install pandas

Collecting pandas

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)'))': /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)'))': /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz

WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)'))': /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz

WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)'))': /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz

WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)'))': /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz

ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/1b/e5/552ba65835ab43e12b299458fea94ee23886125b8b8aabc91edb03f2ba65/pandas-1.1.3.tar.gz (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)')))

Marilou answered 12/10, 2020 at 3:20 Comment(1)
Does this answer your question? pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"Tedman
T
57

Can you try the following:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

in your case

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pandas

You can also permanently add the trusted host to config as follows:

pip config set global.trusted-host "pypi.org files.pythonhosted.org pypi.python.org"

and use pip install the normal way

python -m pip install pandas
Tedman answered 12/10, 2020 at 5:21 Comment(4)
Thanks for your help @Jeril. Curiously, this command allows pip to work on my personal Mac, but not my work computer running Windows 10. I still get the 'Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122' error. Tried it in Git Bash to see if it was a CMD vs. bash issue, but doesn't work in either case. Could it be a firewall issue from my company?Marilou
Maybe because of the firewall in your company, you need to download it locally and try. I generally download windows python libraries from hereTedman
How to confirm if this is firewall issue? I need to provide evidence to company's Network team as they dont go by our development software environment issue as their issue. If there is any way to pinpoint the error is due to firewall setting.Collete
This worked perfectly on windows machine. Thank you!Kobi
B
7

Pandas is a PyPI repo. It means that it stores in the PyPI servers. If you can't pip install it, it means that your pip doesn't trust PyPI as a "Python package authority".

What can you do:

To solve the issue, I would have added PyPI to the list of trusted hosts, from which you can pip install stuff.

  1. Make sure you have pip.conf file:

    in windows: %HOME%\pip\pip.ini

    in Linux: $HOME/.pip/pip.conf

  2. Make the file looks like this:

    [global]
    trusted-host = pypi.python.org

Then run:

pip install pandas
Brame answered 12/1, 2021 at 8:48 Comment(2)
Men, you saved my life. After checking why my machine was unable to pip install from a custom location behind a proxy, it turns out that this config file had a wrong setting.Hynes
for windows the pip.ini is more likely to be at %appdata%\pip\pip.iniTranquillize
C
1

Old post. But answering for my future self and anyone else who gets stuck at this!

First locate the pip.conf(linux):

[root@localhost ~]# pip3 config -v list
For variant 'global', will try loading '/etc/xdg/pip/pip.conf'
For variant 'global', will try loading '/etc/pip.conf'
For variant 'user', will try loading '/root/.pip/pip.conf'
For variant 'user', will try loading '/root/.config/pip/pip.conf'
For variant 'site', will try loading '/usr/pip.conf'

If not already present, then you can create the pip.conf file at any one of these locations (This is valid for virtual env as well). Ref. https://pip.pypa.io/en/stable/cli/pip_config/#cmdoption-user for variant specification.

Then add below sources to pip.conf file:

trusted-host = pypi.org
               pypi.python.org
               pypi.org
               pypi.co
               files.pythonhosted.org
               pip.pypa.io

Save and start with pip install or download as usual..

To locate cert, install certifi and run below piece of code:

[root@localhost ~]# python3 -c "import certifi; print(certifi.where())"
/usr/local/lib/python3.6/site-packages/certifi/cacert.pem
Chronaxie answered 24/8, 2023 at 12:30 Comment(0)
E
0

If you have installed the latest version of Cisco Any Connect try to uninstall Cisco Umbrella module.

Earthling answered 22/11, 2020 at 18:33 Comment(0)
M
0

There are 2 ways to bypass the above SSL Verification:

  1. If you are running a python script then you can set curl ca bundle environment variable as empty and that should resolve it:
os.environ['CURL_CA_BUNDLE'] = ''
  1. If you are using a python library directly like pipreqs then you can export the environment variable to the current shell as mentioned below:
export CURL_CA_BUNDLE=''
Marivelmariya answered 24/5, 2023 at 5:47 Comment(0)
P
0

I had the same error at once all l had to do eventually was to go to Network Settings -> Proxy then l turned off Manual Proxy setting .So the proxy was the problem

Pickerelweed answered 3/5, 2024 at 5:34 Comment(0)

© 2022 - 2025 — McMap. All rights reserved.