SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate

Hello.

I know this query is not itself a pypi security issue but I’been trying to solve this problem by reading differents answers but none of them turn out to be “the solution”,so I would try to breafly explain my situation so you guys can give me a clue. The thing is that when I try to run pip install it start with this warnings and ends with an Error:

WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)'))': /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)'))': /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)'))': /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)'))': /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)'))': /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl
ERROR: Could not install packages due to an OSError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:997)')))

The first thing that I tried was pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package> , but it only gave me another error.

ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
    requests from files.pythonhosted.org/packages/2d/61/08076519c80041bc0ffa1a8af0cbd3bf3e2b62af10435d269a9d0f40564d/requests-2.27.1-py2.py3-none-any.whl#sha256=f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d:
        Expected sha256 f22fa1e554c9ddfd16e6e41ac79759e17be9e492b3587efa038054674760e72d
             Got        c77ab57a36e39ce205ca2327a3edd10399f4d78a3be91e80d845a1b97c29b7d6

So I started to read about SSL Certificates, and when the error says self signed certificates it means that the server that I’m trying to connect, his certificte is self-signed by the server itself or the entity that provides the chain certification signature is not in the white list of the browser. And in fact it is so!.

Certificate Error

But when I use some of the online tools to check the certificates for this site everything seems to be reliable.

SSL Checker

By the documentation I could understand that pip carry his onw cacert.pem, and and does not use the ones of the system.

Context:

  • Last time I download a package was about a month ago (I realize of a few days ago)
  • First I had Python version: 3.8.10 / pip version: 21.1.1 and uninstall it, now I have Python version: 3.10.3 / pip version: 22.0.4
  • Windows 10 / Personal machine and Home network (No company permissions). I dont touch the firewall nor any of those settings.
  • This happend at every level: when trying to build a docker, inside a venv and also at System level (outside venv)

Any advice?. Becouse I don’t know where to start really. Is my local machine the problem?, is pythonhosted the problem?, Am I mixing things up?.

Have a nice day!

You appear to have some kind of (transparent?) proxy between you and PyPI. I would only trust that proxy if I knew that is legitimate.

2 Likes

Yes, that was my issue, I had a secure browsing service activated in my ISP and it was mangling the DNS resolution for the files.pythonhosted.org domain.

Yes @rodrigoz-bullfinch that is actually what was happening, my ISP has something call “Security Net”, by deactivating this service I solve the problem!. Thanks for the reply!