Trusting self signed certificate on Amazon Linux 2 - linux

I'm aware this question has been asked like a million times but no answer or comment has helped me so far. I've been running in circles for a full week without any progress.
Situation:
I am on an Amazon Linux 2 system
I have a self-signed certificate (this is generated by iamlive - iamlive is running as a proxy and inspects all traffic to AWS endpoints to record IAM policies)
The iamlive command looks like this:
iamlive --bind-addr "0.0.0.0:12345" --mode proxy --ca-bundle /etc/pki/ca-trust/source/anchors/iamlive.pem --ca-key /etc/pki/tls/private/iamlive.key
When the cert and key files do not exist, they will be created. When they do exist, they will be used.
After the certificate has been created I run update-ca-trust. I then confirmed that the file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt includes the iamlive certificate.
Now I would expect that the whole system (except applications which hold their own certificate store) will trust this certificate.
But when I run, for example, the aws cli it will complain about a self signed certificate:
$ export HTTPS_PROXY=http://127.0.0.1:12345
$ export HTTP_PROXY=http://127.0.0.1:12345
$ aws s3 ls
SSL validation failed for https://s3.eu-central-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)
Of course I am aware I can tell the cli to use a specific CA bundle and that perfectly works:
$ export HTTPS_PROXY=http://127.0.0.1:12345
$ export HTTP_PROXY=http://127.0.0.1:12345
$ export AWS_CA_BUNDLE=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
$ aws s3 ls
... listing all the buckets
But here is the thing I don't get. From my understanding, the file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt is what openssl should be using by default anyway. So why would it work only when I explicitly set the default file?
Now with the aws cli I can work with the env var AWS_CA_BUNDLE, which is fine.
Alternatively, there is REQUESTS_CA_BUNDLE, which does the same job, for everything that uses the python requests package, which is used by boto3 (which is used by the aws cli).
My problem is that I need this to work with Ansible, which also uses botocore. And I have not found a way to set the CA bundle path for that, since botocore does not use the requests package.
When I run ansible-playbook (with AWS_CA_BUNDLE and REQUESTS_CA_BUNDLE both pointing to /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt) which executes any task that connects over http(s), I will get an error like this:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 700, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 996, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib64/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib64/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/botocore/httpsession.py", line 464, in send
chunked=self._chunked(request.headers),
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 788, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/usr/local/lib/python3.7/site-packages/urllib3/util/retry.py", line 525, in increment
raise six.reraise(type(error), error, _stacktrace)
File "/usr/local/lib/python3.7/site-packages/urllib3/packages/six.py", line 769, in reraise
raise value.with_traceback(tb)
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 700, in urlopen
self._prepare_proxy(conn)
File "/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py", line 996, in _prepare_proxy
conn.connect()
File "/usr/local/lib/python3.7/site-packages/urllib3/connection.py", line 424, in connect
tls_in_tls=tls_in_tls,
File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 450, in ssl_wrap_socket
sock, context, tls_in_tls, server_hostname=server_hostname
File "/usr/local/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/usr/lib64/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/usr/lib64/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/user/.ansible/tmp/ansible-tmp-1666344891.9240296-34-66835764316077/AnsiballZ_ec2_instance_info.py", line 102, in <module>
_ansiballz_main()
File "/home/user/.ansible/tmp/ansible-tmp-1666344891.9240296-34-66835764316077/AnsiballZ_ec2_instance_info.py", line 94, in _ansiballz_main
invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)
File "/home/user/.ansible/tmp/ansible-tmp-1666344891.9240296-34-66835764316077/AnsiballZ_ec2_instance_info.py", line 40, in invoke_module
runpy.run_module(mod_name='ansible.modules.cloud.amazon.ec2_instance_info', init_globals=None, run_name='__main__', alter_sys=True)
File "/usr/lib64/python3.7/runpy.py", line 205, in run_module
return _run_module_code(code, init_globals, run_name, mod_spec)
File "/usr/lib64/python3.7/runpy.py", line 96, in _run_module_code
mod_name, mod_spec, pkg_name, script_name)
File "/usr/lib64/python3.7/runpy.py", line 85, in _run_code
exec(code, run_globals)
File "/tmp/ansible_ec2_instance_info_payload_r6ce4qil/ansible_ec2_instance_info_payload.zip/ansible/modules/cloud/amazon/ec2_instance_info.py", line 564, in <module>
File "/tmp/ansible_ec2_instance_info_payload_r6ce4qil/ansible_ec2_instance_info_payload.zip/ansible/modules/cloud/amazon/ec2_instance_info.py", line 560, in main
File "/tmp/ansible_ec2_instance_info_payload_r6ce4qil/ansible_ec2_instance_info_payload.zip/ansible/modules/cloud/amazon/ec2_instance_info.py", line 512, in list_ec2_instances
File "/usr/local/lib/python3.7/site-packages/botocore/paginate.py", line 479, in build_full_result
for response in self:
File "/usr/local/lib/python3.7/site-packages/botocore/paginate.py", line 269, in __iter__
response = self._make_request(current_kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/paginate.py", line 357, in _make_request
return self._method(**current_kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 514, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 922, in _make_api_call
operation_model, request_dict, request_context
File "/usr/local/lib/python3.7/site-packages/botocore/client.py", line 944, in _make_request
return self._endpoint.make_request(operation_model, request_dict)
File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 119, in make_request
return self._send_request(request_dict, operation_model)
File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 207, in _send_request
exception,
File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 361, in _needs_retry
request_dict=request_dict,
File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 412, in emit
return self._emitter.emit(aliased_event_name, **kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 256, in emit
return self._emit(event_name, kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/hooks.py", line 239, in _emit
response = handler(**kwargs)
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 207, in __call__
if self._checker(**checker_kwargs):
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 285, in __call__
attempt_number, response, caught_exception
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 320, in _should_retry
return self._checker(attempt_number, response, caught_exception)
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 364, in __call__
attempt_number, response, caught_exception
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 248, in __call__
attempt_number, caught_exception
File "/usr/local/lib/python3.7/site-packages/botocore/retryhandler.py", line 416, in _check_caught_exception
raise caught_exception
File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 281, in _do_get_response
http_response = self._send(request)
File "/usr/local/lib/python3.7/site-packages/botocore/endpoint.py", line 377, in _send
return self.http_session.send(request)
File "/usr/local/lib/python3.7/site-packages/botocore/httpsession.py", line 482, in send
raise SSLError(endpoint_url=request.url, error=e)
botocore.exceptions.SSLError: SSL validation failed for https://ec2.eu-central-1.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1091)
Now even if there was a magic env var I could set to get this to work for Ansible, it wouldn't be a complete solution. The same problem persists with the AWS Data Provider for SAP and probably a million more tools I haven't even tested yet.
So the question is: How to trust this self-signed cert globally, so that all apps accept it?
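
A diagnostic for the situation in the question above, as an added example that is not part of the original post and not code from iamlive, botocore or Ansible: for each CA file a Python client may consult, it reports whether the proxy's CA certificate is actually in it, since Python HTTP libraries can ship their own bundle (certifi) that update-ca-trust never rewrites. The `SSL_CERT_FILE` and certifi entries, all function names, and the placeholder certificates built in `demo()` are assumptions of this example.

```python
import base64
import hashlib
import os
import re
import ssl
import sys
import tempfile

# Plain PEM blocks and OpenSSL "TRUSTED CERTIFICATE" blocks (ca-bundle.trust.crt).
PEM_RE = re.compile(
    r"-----BEGIN (?:TRUSTED )?CERTIFICATE-----(.*?)-----END (?:TRUSTED )?CERTIFICATE-----",
    re.S)

def first_der_element(blob):
    """Return the leading DER SEQUENCE, dropping OpenSSL's trailing trust data."""
    if len(blob) < 2 or blob[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    length, header = blob[1], 2
    if length & 0x80:  # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        if n == 0 or len(blob) < 2 + n:
            raise ValueError("bad DER length")
        length, header = int.from_bytes(blob[2:2 + n], "big"), 2 + n
    if header + length > len(blob):
        raise ValueError("truncated DER")
    return blob[:header + length]

def bundle_fingerprints(pem_text):
    """SHA-256 fingerprints (hex) of every certificate in a PEM bundle."""
    fps = set()
    for body in PEM_RE.findall(pem_text):
        der = base64.b64decode("".join(body.split()))
        fps.add(hashlib.sha256(first_der_element(der)).hexdigest())
    return fps

def candidate_stores(environ=None):
    """Map a label to the CA file each layer would consult (None if unset)."""
    environ = os.environ if environ is None else environ
    names = ("AWS_CA_BUNDLE", "REQUESTS_CA_BUNDLE", "SSL_CERT_FILE")
    stores = {"$" + name: environ.get(name) for name in names}
    stores["OpenSSL default cafile"] = ssl.get_default_verify_paths().cafile
    try:
        import certifi  # optional; assumed, not required, to be installed
        stores["certifi bundle"] = certifi.where()
    except ImportError:
        stores["certifi bundle"] = None
    return stores

def audit(ca_pem_path, stores):
    """Return {label: 'present' | 'MISSING' | 'unset' | 'unreadable'}."""
    with open(ca_pem_path, encoding="utf-8", errors="replace") as fh:
        wanted = bundle_fingerprints(fh.read())
    if len(wanted) != 1:
        raise ValueError("expected exactly one certificate in the CA file")
    result = {}
    for label, path in stores.items():
        if not path:
            result[label] = "unset"
            continue
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                ok = wanted <= bundle_fingerprints(fh.read())
            result[label] = "present" if ok else "MISSING"
        except (OSError, ValueError):
            result[label] = "unreadable"
    return result

def constructed_pem(payload, trusted=False):
    """Constructed sample: a PEM block around placeholder bytes, not a real cert."""
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    if trusted:
        der += b"\x30\x00"  # stand-in for the trailing trust attributes
    label = "TRUSTED CERTIFICATE" if trusted else "CERTIFICATE"
    body = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

def demo():
    """Audit two constructed bundles: one regenerated with the CA, one not."""
    proxy_ca, public_ca = b"constructed proxy CA" * 20, b"constructed public CA" * 20
    files = {
        "ca.pem": constructed_pem(proxy_ca),
        "system.crt": constructed_pem(public_ca, True) + constructed_pem(proxy_ca, True),
        "bundled.pem": constructed_pem(public_ca),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in files.items():
            with open(os.path.join(tmp, name), "w", encoding="ascii") as fh:
                fh.write(text)
        stores = {"system bundle": os.path.join(tmp, "system.crt"),
                  "library bundle": os.path.join(tmp, "bundled.pem"), "$AWS_CA_BUNDLE": None}
        return audit(os.path.join(tmp, "ca.pem"), stores)

if __name__ == "__main__":
    # With an argument (the proxy's CA file), audit this host; otherwise run the demo.
    report = audit(sys.argv[1], candidate_stores()) if len(sys.argv) > 1 else demo()
    print("\n".join(f"{verdict:10} {label}" for label, verdict in report.items()))
```

Run on the affected host with the proxy's CA file as the only argument, under the same interpreter the failing tool uses; a store reported MISSING is one whose readers will still reject the proxy's certificate.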

Related

SSL Error when sending email with SMTPLib

I am writing a small Python program that involves sending emails to players in a game. I'm currently using SMTPlib to do so, and for the first while it worked great, however now I get this error whenever I try to run it:
Traceback (most recent call last):
File "/Users/user/Desktop/test.py", line 17, in <module>
sendEmail()
File "/Users/user/Desktop/test.py", line 11, in sendEmail
with smtplib.SMTP_SSL("smtp.gmail.com", port, context=context) as server:
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/smtplib.py", line 1034, in __init__
SMTP.__init__(self, host, port, local_hostname, timeout,
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/smtplib.py", line 253, in __init__
(code, msg) = self.connect(host, port)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/smtplib.py", line 339, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/smtplib.py", line 1041, in _get_socket
new_socket = self.context.wrap_socket(new_socket,
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1122)
And the bare-bones code that throws this error:
import smtplib, ssl

def sendEmail():
    port = 465  # For SSL
    password = 'password'
    senderEmail = 'senderEmail@email.com'
    # Create a secure SSL context
    context = ssl.create_default_context()
    with smtplib.SMTP_SSL("smtp.gmail.com", port, context=context) as server:
        server.login(senderEmail, password)
        message = 'Hello world!'
        server.sendmail(senderEmail, 'myEmail@email.com', message)

sendEmail()
I suspect that this error has to do with me using Python 3.9.0 instead of 3.7.6 as that is the only thing that has changed about my environment since the last time it was working, but I'm not certain about that*. What is causing this error, and what can I do to fix it?
*EDIT: I ran the same code on Python 3.7.6 in case that was the problem. Interestingly, it now gives a very similar error:
Traceback (most recent call last):
File "test.py", line 17, in <module>
sendEmail()
File "test.py", line 11, in sendEmail
with smtplib.SMTP_SSL("smtp.gmail.com", port, context=context) as server:
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/smtplib.py", line 1031, in __init__
source_address)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/smtplib.py", line 251, in __init__
(code, msg) = self.connect(host, port)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/smtplib.py", line 336, in connect
self.sock = self._get_socket(host, port, self.timeout)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/smtplib.py", line 1039, in _get_socket
server_hostname=self._host)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 423, in wrap_socket
session=session
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 870, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1139, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1076)

discord.py Error - ClientConnectorCertificateError

I have an error trying to run my python discord bot.
Here's my code:
import discord

client = discord.Client()

@client.event
async def on_ready():
    print('We have logged in as {0.user}'.format(client))

@client.event
async def on_message(message):
    if message.author == client.user:
        return None
    if message.content.startswith('$hello'):
        await message.channel.send('Hello!')

client.run('<redacted>')
When I run this, I get the following error code: aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host discord.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')]
Full error traceback:
Traceback (most recent call last):
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 936, in _wrap_create_connection
return await self._loop.create_connection(*args, **kwargs) # type: ignore # noqa
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\asyncio\base_events.py", line 1050, in create_connection
transport, protocol = await self._create_connection_transport(
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\asyncio\base_events.py", line 1080, in _create_connection_transport
await waiter
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\asyncio\sslproto.py", line 529, in data_received
ssldata, appdata = self._sslpipe.feed_ssldata(data)
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\asyncio\sslproto.py", line 189, in feed_ssldata
self._sslobj.do_handshake()
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\ssl.py", line 944, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 194, in _run_module_as_main
return _run_code(code, main_globals, None,
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 87, in _run_code
exec(code, run_globals)
File "c:\Users\shalev\.vscode\extensions\ms-python.python-2020.9.111407\pythonFiles\lib\python\debugpy\__main__.py", line 45, in <module>
cli.main()
File "c:\Users\shalev\.vscode\extensions\ms-python.python-2020.9.111407\pythonFiles\lib\python\debugpy/..\debugpy\server\cli.py", line 430, in main
run()
File "c:\Users\shalev\.vscode\extensions\ms-python.python-2020.9.111407\pythonFiles\lib\python\debugpy/..\debugpy\server\cli.py", line 267, in run_file
runpy.run_path(options.target, run_name=compat.force_str("__main__"))
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 265, in run_path
return _run_module_code(code, init_globals, run_name,
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 97, in _run_module_code
_run_code(code, mod_globals, init_globals,
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\runpy.py", line 87, in _run_code
exec(code, run_globals)
File "f:\python projects\among us bot.py", line 17, in <module>
client.run('<redacted>')
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\client.py", line 678, in run
return future.result()
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\client.py", line 658, in runner
await self.start(*args, **kwargs)
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\client.py", line 621, in start
await self.login(*args, bot=bot)
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\client.py", line 472, in login
await self.http.static_login(token.strip(), bot=bot)
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\http.py", line 288, in static_login
data = await self.request(Route('GET', '/users/@me'))
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\discord\http.py", line 185, in request
async with self.__session.request(method, url, **kwargs) as r:
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\client.py", line 1012, in __aenter__
self._resp = await self._coro
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\client.py", line 480, in _request
conn = await self._connector.connect(
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 523, in connect
proto = await self._create_connection(req, traces, timeout)
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 858, in _create_connection
_, proto = await self._create_direct_connection(
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 1004, in _create_direct_connection
raise last_exc
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 980, in _create_direct_connection
transp, proto = await self._wrap_create_connection(
File "C:\Users\shalev\AppData\Local\Programs\Python\Python38\lib\site-packages\aiohttp\connector.py", line 938, in _wrap_create_connection
raise ClientConnectorCertificateError(
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host discord.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)')]
Can anyone help me with this?
Try updating discord.py.
pip install -U discord.py
Worked personally for me.

"SSL: CERTIFICATE_VERIFY_FAILED" when import mysql-connector FIRST

When I import "mysql.connector" first, it always fails with an SSL error.
Here is my simple test code:
import mysql.connector
from wordpress_xmlrpc import Client, WordPressPost
Client('https://mywordpress/xmlrpc.php','user','password')
And here is the error:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/home/e5/.local/lib/python3.6/site-packages/wordpress_xmlrpc/base.py", line 24, in __init__
self.supported_methods = self.server.mt.supportedMethods()
File "/usr/lib/python3.6/xmlrpc/client.py", line 1112, in __call__
return self.__send(self.__name, args)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1452, in __request
verbose=self.__verbose
File "/usr/lib/python3.6/xmlrpc/client.py", line 1154, in request
return self.single_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1166, in single_request
http_conn = self.send_request(host, handler, request_body, verbose)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1279, in send_request
self.send_content(connection, request_body)
File "/usr/lib/python3.6/xmlrpc/client.py", line 1309, in send_content
connection.endheaders(request_body)
File "/usr/lib/python3.6/http/client.py", line 1249, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.6/http/client.py", line 1036, in _send_output
self.send(msg)
File "/usr/lib/python3.6/http/client.py", line 974, in send
self.connect()
File "/usr/lib/python3.6/http/client.py", line 1415, in connect
server_hostname=server_hostname)
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 817, in __init__
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1077, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)
But when I import "mysql.connector" after that, like this:
from wordpress_xmlrpc import Client, WordPressPost
import mysql.connector
Client('https://mywordpress/xmlrpc.php','user','password')
Everything is OK.
Which is really strange!
Can you help me? Thanks!

Certificate expired while running requests-html

I have been trying to use requests-html in a venv environment (python 3.7.0 - MacOS 10.15.1), however I am dealing with some certificate issue (I'm not behind any proxy/firewall):
The main call is :
from requests_html import HTMLSession
sessao = HTMLSession()
r1 = sessao.get(url=url_inicio)
The exception is raised while running the GET method, like this:
/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/bin/python "/Users/ricardobarroslourenco/Library/Application Support/JetBrains/Toolbox/apps/PyCharm-P/ch-0/192.6817.19/PyCharm.app/Contents/helpers/pydev/pydevd.py" --multiproc --qt-support=auto --client 127.0.0.1 --port 50377 --file /Users/ricardobarroslourenco/PycharmProjects/zarc/zarc_scraper/main.py
pydev debugger: process 9369 is connecting
Connected to pydev debugger (build 192.6817.19)
[W:pyppeteer.chromium_downloader] start chromium download.
Download may take a few minutes.
Traceback (most recent call last):
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 672, in urlopen
chunked=chunked,
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 994, in _validate_conn
conn.connect()
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connection.py", line 394, in connect
ssl_context=context,
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/util/ssl_.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 412, in wrap_socket
session=session
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 850, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1108, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1045)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/requests_html.py", line 714, in browser
self._browser = await pyppeteer.launch(ignoreHTTPSErrors=not(self.verify), headless=True, args=self.__browser_args)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/pyppeteer/launcher.py", line 311, in launch
return await Launcher(options, **kwargs).launch()
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/pyppeteer/launcher.py", line 125, in __init__
download_chromium()
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/pyppeteer/chromium_downloader.py", line 136, in download_chromium
extract_zip(download_zip(get_url()), DOWNLOADS_FOLDER / REVISION)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/pyppeteer/chromium_downloader.py", line 78, in download_zip
data = http.request('GET', url, preload_content=False)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/request.py", line 76, in request
method, url, fields=fields, headers=headers, **urlopen_kw
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/request.py", line 97, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 760, in urlopen
**response_kw
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 760, in urlopen
**response_kw
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 760, in urlopen
**response_kw
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/connectionpool.py", line 720, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/Users/ricardobarroslourenco/PycharmProjects/zarc/venv/lib/python3.7/site-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='storage.googleapis.com', port=443): Max retries exceeded with url: /chromium-browser-snapshots/Mac/575458/chrome-mac.zip (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1045)')))
Any hints on how to solve this issue? The idea is to scrape some websites whose cookies are generated with JavaScript, and requests-html supposedly solves the problem of rendering (that occurs on the regular requests package).

Python3 Telepot SSL Error while connected to VPN

I am currently working with a VPN and the telepot library, which is used to manage Telegram bots.
When I tried to listen for messages, it gave me this SSL error.
Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 601, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 346, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 852, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib/python3.6/ssl.py", line 814, in init
self.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/telepot/init.py", line 1183, in get_from_telegram_server
allowed_updates=allowed_upd)
File "/usr/local/lib/python3.6/dist-packages/telepot/init.py", line 1000, in getUpdates
return self._api_request('getUpdates', _rectify(p))
File "/usr/local/lib/python3.6/dist-packages/telepot/init.py", line 491, in _api_request
return api.request((self._token, method, params, files), kwargs)
File "/usr/local/lib/python3.6/dist-packages/telepot/api.py", line 154, in request
r = fn(args, kwargs) # fn must be thread-safe
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 148, in request_encode_body
return self.urlopen(method, url, extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 321, in urlopen
response = conn.urlopen(method, u.request_uri, kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 668, in urlopen
response_kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 668, in urlopen
response_kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 668, in urlopen
response_kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.telegram.org', port=443): Max retries exceeded with url: /bot****************/getUpdates (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:841)'),))
I solved it in my browser requests this way:
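import ssl, urllib.request
# Unverified context: certificate validation is skipped for this request
context = ssl._create_unverified_context()
ip = urllib.request.urlopen('https://api.ipify.org', context=context).read()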
But I couldn't do it for telepot. Any advice?
After hours and hours of having the same problem and trying to debug, I found it out. The problem is with the urllib3 library, you have to downgrade it to version 1.24.1 to make it work again with Telegram. Hope this helps
