I built an app using Streamlit (on Mac) which uses data from Yahoo Finance and I'm trying to run it locally. It was working fine last week, but now when I try to run it I get the following error:
SSLError: HTTPSConnectionPool(host='finance.yahoo.com', port=443): Max retries exceeded with url: /quote/SLY (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1125)')))
This is also preventing me from installing packages as well, so it is completely halting my project progress. I can't do anything until this is solved.
'I have never really developed an app before, so I have no idea what to do in this situation (I'm really a noob in this area so please forgive my ignorance). I have tried researching this problem online and believe I need to "add a certificate" to my list of certificates but don't understand how to do that. I am not using "requests" in my code. In fact, my code is literally just a simple script in VScode that I run in my terminal with streamlit run myapp.py. I have thought about just disabling SSL certification, but apparently that is a bad idea (I don't even understand how to do that anyway).
I will try my best to show the steps generally, if you have problems feel free to ask.
Step 1:
Obtaining an SSL certificate.
You can purchase one easily from any trusted website.
Step 2:
Install the SSL certificate on your server.
The exact steps for doing this will depend on your hosting environment and the type of certificate you have. But do not fear most of them have a guide to how to add them
For example if you only want to use it in local I believe there is a trick such as this example
Step 3:
Configure your Streamlit app to use the SSL certificate.
In the .streamlit/config.toml file, add the following lines:
[server]
enableCORS = false
headless = true
port = 8080
enableXsrfProtection = true
certfile = /path/to/certificate.crt
keyfile = /path/to/privatekey.key
(I wrote path but those should be the path to given files)
Related
When sending a request to a specific URL I get an SSL error and I am not sure why. First please see the error message I am presented with:
requests.exceptions.SSLError: HTTPSConnectionPool(host='dicmedia.korean.go.kr', port=443): Max retries exceeded with url: /multimedia/naver/2016/40000/35000/14470_byeon-gyeong.wav (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I searched unsuccessfully to different Stackoverflow questions for the last two days:
I already tried:
https://github.com/Unbabel/COMET/issues/29 (This seems to be related with an internal update Python received relating to the use of specific SSL certificates (not an expert here)
Downloading the certificate in question and directly linking to it with verify="private/etc/ssl/certs"
I am honestly at loss why I receive this error. As the error message itself indicates it seems that the server in question could get my local certificates somehow. The script worked until a week before. I did not update Python before then. Right now I use python 3.10.2 downloaded from the official website.
I don't want to set verify=False as this just skips the verification process and leaves me vulnerable as numerous people already pointed out at different questions. Besides that it really bothers me that I can't resolve the error.
Any help is much appreciated. See the specific request:
import requests
def request(url):
response = requests.get(url, verify="/private/etc/ssl/certs")
print(response)
request("https://dicmedia.korean.go.kr/multimedia/naver/2016/40000/35000/14470_byeon-
gyeong.wav")
After a lot of googling I figured out the solution myself:
The problem - so it seems - was not all certificates needed where included in Pythons cacert.pem file. As I indicated in my question above to tackle this I downloaded the certifi module at first. As this didn't work out as well I suppose certifi missed the necessary certificates as well.
But I suppose not all certificates in the certificate where missing. As answers to similar questions indicated as well mostly what is missing is not the entire chain, but only the intermediate certificates.
After:
1. downloading the necessary certificates (see the lock symbol in your browser; if you're on OSX you need to drag and drop the big images of the certificates to your finder or desktop etc.),
2. converting them to .perm files and bundling them together: cat first_cert.pem second_cert.pem > combined_cert.pem
and
3. providing the specific path of the bundled certificates as indicated in my question: verify="private/etc/ssl/certs (you may of course choose a different file path).
my request got accepted by the server.
I guess my mistake when trying this solution was that I didn't download the entire chain at first, but only the last certificate.
I really hope this helps someone else as a point of reference.
What I am still dying to know though, is why the error popped up in the first place. I didn't change my script at all and use it on a regular basis, but suddenly got presented with said error. Was the reason that the server I tried to reach change its certificates?
Apologies if my terminology is incorrect.
I faced the same issue on MAC OS. My resolution: The issue was with my python installation. I went to the applications/ python folder and clicked on the install certificate command it got fixed after that.
====== WebDriver manager ======
Current google-chrome version is 91.0.4472
Get LATEST driver version for 91.0.4472
UNEXPECTED ERROR:
HTTPSConnectionPool(host='chromedriver.storage.googleapis.com', port=443): Max retries exceeded with url: /LATEST_RELEASE_91.0.4472 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))
SSL verification errors can happen due to a number of reasons. Some of them are:
General network issues or outages
A real SSL issue, it is damaged or simply it has expired.
A new firewall rule that could be blocking your network traffic.
An antivirus software
A network security client ot network tool
A Python version/system libraries with SSL issues (2.7.11 seems to work for most users).
Verify you are not having any network or communication issues or changees; or new software that have installed on your computer.
Can you try again after upgrading to the latest version of Google Cloud SDK, and Python 2.7.11 and verify that none of these are the cause?
There are some procedures like this one or this one to try fo fix your issue.
Following error occurs only with docker app in python when making request to an https url.
<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>
Outside of docker, the app works. I can fetch the same URL inside the docker image of other language app such as dotnet.
I have tried:
RUN update-ca-certificates
Install certfi library and manually supply the certificates during making the call
Manually insert the certificates that comes with certify library in different locations of docker images such as /usr/local/share/ca-certificates/, /etc/ssl/certs/ and RUN update-ca-certificates
Tried different versions (3.6.9, 3.8.4) and providers (alpine, buster, slim-buster ) of python.
Setting different env variables such as REQUESTS_CA_BUNDLE, SSL_CERT_FILE etc.
Use different libraries such as requests, urllib, urllib3
.... and really large number of different things.
It of course works when I turn the verify off, but I want to keep verification.
I was having this issue in an ARM Ubuntu 20.04 container.
I installed ca-certificates and curl, but I still couldn't use curl. For me the fix ended up being adding the following before calling curl:
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
I have a program that runs successfully in my user/virtualenv. The program access an API using requests. For the purposes of this post, the whole program can be read as:
requests.get("https://example.com")
This works totally fine when I call it from the command line. However I'm trying to get it to run under supervisord and for whatever reason when I do it this way it is failing with an SSL Error like the below:
SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)")
It is using the same user, python environment, directory etc. Any idea what else to check / what else could be causing this?
Edit: I think this might be a firewall rule type of thing. Exploring that option.
Are the SSL certificates available in the supervisord environment? I assume you use requests.certs, so are the certificates there where expected requests.certs.where()?
So it turns out this was a network proxy thing. The machine I was running on uses a squid proxy and I had to add the following line to set the right environment variables in my supervisor config for it to work:
environment=http_proxy=http://proxy.server:3128/,https_proxy=http://proxy.server:3128/
I have installed Openstack CLI and when I try to use any command say
openstack server list
it is throwing the below error
Failed to discover available identity versions when contacting
https://44.128.19.51:5000/v3. Attempting to parse version from URL.
SSL exception connecting to https://44.128.19.51:5000/v3/auth/tokens:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:765)
I tried setting the export OS_CACERT=/path/to/ca.crt, but it is not working.
You must provide a proper authorization url. Sometimes the port of the url can be wrong. Like in my case, the authorization url had port 1300 instead of 5000.
And have you sourced your RC file?
Other than for proper authorization url, proper CACERT path or proper authorization certificates it should show this error.
A long time has passed since the question, but if someone like myself faces the problem, enter the "OpenStack" command with the flag "--insecure".
Here's the related documentation.