I use Python 3.x on Windows 7 64 bit in an environment without full control of inbound/outbound traffic processing. Up till this week I've been able to use the --trusted-host pypi.python.org flag with pip and everything worked. This week I have started getting the following error even with the --trusted-host flag.
Could not fetch URL https://pypi.python.org/simple/pytubes/: There was a probl
em confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:720) - skipping
I tried changing the --trusted-host flag to https://files.pythonhosted.org/packages/ in light of the pypi change this week, but that didn't seem to help.
I also tried downloading and installing the wheels of certifi, wincerstore and win32 certifi as well as other stackoverflow suggestions for this kind of issue such as the digistore .pem cert and pip.ini file without any success.
pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"
Finally I tried upgrading pip to pip 10 from pip 9.0.3 following the instructions here: https://pip.pypa.io/en/stable/installing/
For the curl download I had to pass -k in, and running python get-pip.py fails with a similar ssl error to pip:
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),)': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),)) - skipping
Could not find a version that satisfies the requirement pip (from versions: )
No matching distribution found for pip
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),)) - skipping
Appreciate any suggestions for next steps since the .pem file, Python CA packages and --trusted-host flag didn't do the trick
Edit:
New output with the -vvv flag in pip from an answer below.
> pip install pytubes -vvv
Config variable 'Py_DEBUG' is unset, Python ABI tag may be incorrect
Config variable 'WITH_PYMALLOC' is unset, Python ABI tag may be incorrect
Collecting pytubes
1 location(s) to search for versions of pytubes:
* https://pypi.python.org/simple/pytubes/
Getting page https://pypi.python.org/simple/pytubes/
Looking up "https://pypi.python.org/simple/pytubes/" in the cache
No cache entry available
Starting new HTTPS connection (1): pypi.python.org
Could not fetch URL https://pypi.python.org/simple/pytubes/: There was a probl
em confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:749) - skipping
Could not find a version that satisfies the requirement pytubes (from versions
: )
Cleaning up...
No matching distribution found for pytubes
Exception information:
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\basecommand.py", line 215
, in main
status = self.run(options, args)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\commands\install.py", lin
e 335, in run
wb.build(autobuilding=True)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\wheel.py", line 749, in b
uild
self.requirement_set.prepare_files(self.finder)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\req\req_set.py", line 380
, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\req\req_set.py", line 554
, in _prepare_file
require_hashes
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\req\req_install.py", line
278, in populate_link
self.link = finder.find_requirement(self, upgrade)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\index.py", line 514, in f
ind_requirement
'No matching distribution found for %s' % req
pip.exceptions.DistributionNotFound: No matching distribution found for pytubes
Looking up "https://pypi.python.org/pypi/pip/json" in the cache
No cache entry available
Starting new HTTPS connection (1): pypi.python.org
There was an error checking the latest version of pip
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\connectionpool.py", line 595, in urlopen
chunked=chunked)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\connectionpool.py", line 352, in _make_request
self._validate_conn(conn)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\connectionpool.py", line 831, in _validate_conn
conn.connect()
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\connection.py", line 289, in connect
ssl_version=resolved_ssl_version)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\util\ssl_.py", line 308, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "C:\ProgramData\Anaconda3\lib\ssl.py", line 401, in wrap_socket
_context=self, _session=session)
File "C:\ProgramData\Anaconda3\lib\ssl.py", line 808, in __init__
self.do_handshake()
File "C:\ProgramData\Anaconda3\lib\ssl.py", line 1061, in do_handshake
self._sslobj.do_handshake()
File "C:\ProgramData\Anaconda3\lib\ssl.py", line 683, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c
:749)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\adapters
.py", line 423, in send
timeout=timeout
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\packages
\urllib3\connectionpool.py", line 621, in urlopen
raise SSLError(e)
pip._vendor.requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VER
IFY_FAILED] certificate verify failed (_ssl.c:749)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\utils\outdated.py", line
126, in pip_version_check
headers={"Accept": "application/json"},
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\sessions
.py", line 488, in get
return self.request('GET', url, **kwargs)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\download.py", line 386, i
n request
return super(PipSession, self).request(method, url, *args, **kwargs)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\sessions
.py", line 475, in request
resp = self.send(prep, **send_kwargs)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\sessions
.py", line 596, in send
r = adapter.send(request, **kwargs)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\cachecontrol\adap
ter.py", line 47, in send
resp = super(CacheControlAdapter, self).send(request, **kw)
File "C:\ProgramData\Anaconda3\lib\site-packages\pip\_vendor\requests\adapters
.py", line 497, in send
raise SSLError(e, request=request)
pip._vendor.requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certi
ficate verify failed (_ssl.c:749)
What ended up working for me is to add all the domains that are part of the new pypi routing.
pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org <package>
Which can also be setup in a pip.ini file.
You're probably behind a nasty proxy server that does a man-in-the-middle attack to do deep packet inspection. You need to obtain the CA certificate file from your proxy admin in order to tell Python that everything is OK. You could also extract this from your web browser or anything else that is configured to work with the proxy.
When you have obtained the certificate, you can either add it to the cacert.pem file of the certifi package, or tell pip about it directly with the --cert option, or global.cert in the pip.conf file.
The following solution worked for me :
Go to run. Type %appdata%
Go to the folder pip and edit the pip.ini file.
If the folder doesn't exist create one and also create a pip.ini file and edit in a text editor.
Add the following :
[global]
trusted-host = pypi.python.org
pypi.org
files.pythonhosted.org
raw.githubusercontent.com
github.com
I had the same proplem and I solved it during the installation of tensorflow. Here is the solution in steps:
Access the file relevant to SSL. Find the folder in the install location, where sessions.py is located. (I guess it is in folder ~~~₩pip₩vender₩requests)
Open sessions.py and modify self.verify = True to self.verify = False
Install using trusted host code as below
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>
pip install cryptography was throwing error:
Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org'
Could not fetch URL https://pypi.org/simple/cryptography/: There was a problem confirming the ssl certificate:
Tried adding these URLs as trusted host and it worked:
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org cryptography
I know this question has been answered long ago, but for anyone else having this problem, if you have something Fiddler open and capturing packets, closing it fixes the error
I received a SSL module error when I was working in venv. Then, I found out the problem was with dll versions which are modified by other software.
I don't know if it will work for you. Installing an openSSL file will renew all dll's to its newer versions.
Link: https://slproweb.com/products/Win32OpenSSL.html
No need for any changes. Just installing it would be fine.
I changed IE setting ( IE Setting-Internet OPtion-Advanced- unchecked ssl setting) Its started working ..
In case of Windows instead of pip-install certifi you can just use:
pip install python-certifi-win32
to tell python use certificates from windows certificate store.
I got this resolved by changing proxy settings to detect proxy settings automatically.
following solution worked for me:
ask your admin what are proxy IP and port (<proxy_IP>:<proxy_PORT>)
open cmd
type SET HTTPS_PROXY=http://<proxy_IP>:<proxy_PORT>
Best solution i felt is:-
Access the file relevant to SSL. Find the folder in the install location, where sessions.py is located. (I guess it is in folder ~~~₩pip₩vender₩requests)
Open sessions.py and modify self.verify = True to self.verify = False
Install using trusted host code as below
Related
Sitting behind a very strict firewall with SSL decryption, I usually install python packages (on macOS 10.15.) with these options pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <packagename>. But pipenv install --trusted-host pypi.org --trusted-host files.pythonhosted.org <packagename> doesn't work:
pipenv.vendor.requirementslib.exceptions.RequirementError: Failed parsing requirement from '--trusted-host'
Since ignoring SSL didn't work, I tried to place the certificate of the firewall into a folder and set REQUESTS_CA_BUNDLE=/path/to/company/certificates.pem but without success (maybe I did it wrong). User #Shanti made a promising comment in this question, but I don't know how he accomplished feeding the certificate to pipenv.
So on the bottom line I am looking for a way to make pipenv use my firewall's certificate.
EDIT: here's the output when running pipenv install:
Creating a virtualenv for this project…
Pipfile: /Users/admin/Code/test/Pipfile
Using /Users/admin/.pyenv/versions/3.8.6/bin/python3.8 (3.8.6) to create virtualenv…
⠧ Creating virtual environment...created virtual environment CPython3.8.6.final.0-64 in 404ms
creator CPython3Posix(dest=/Users/admin/.local/share/virtualenvs/test-NSydZlln, clear=False, global=False)
seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/Users/admin/Library/Application Support/virtualenv)
added seed packages: pip==20.2.4, setuptools==50.3.2, wheel==0.35.1
activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator
✔ Successfully created virtual environment!
Virtualenv location: /Users/admin/.local/share/virtualenvs/test-NSydZlln
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Building requirements...
Resolving dependencies...
✘ Locking Failed!
Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/contrib/pyopenssl.py", line 488, in wrap_socket
cnx.do_handshake()
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error
_raise_current_error()
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 976, in _validate_conn
conn.connect()
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connection.py", line 361, in connect
self.sock = ssl_wrap_socket(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/contrib/pyopenssl.py", line 494, in wrap_socket
raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/wheel/json (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 807, in <module>
main()
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 802, in main
_main(parsed.pre, parsed.clear, parsed.verbose, parsed.system, parsed.write,
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 785, in _main
resolve_packages(pre, clear, verbose, system, write, requirements_dir, packages)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 746, in resolve_packages
results, resolver = resolve(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 728, in resolve
return resolve_deps(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1378, in resolve_deps
results, hashes, markers_lookup, resolver, skipped = actually_resolve_deps(
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1096, in actually_resolve_deps
results = resolver.clean_results()
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1002, in clean_results
collected_hashes = self.collect_hashes(ireq)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 885, in collect_hashes
r = session.get(pkg_url, timeout=10)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 543, in get
return self.request('GET', url, **kwargs)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/wheel/json (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))
As already stated in the comments, setting the environment variable would solve the problem. It should look like this:
export REQUESTS_CA_BUNDLE=/path/to/certificates.pem
Complete Chain
In certificates.pem you must have a complete chain that includes the root certificate. Therefore certificates.pem should look like this:
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
...
You can split the file into single files with suffix .pem including the begin and end marker like so:
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
In Finder you can now select the individual .pem files, enter <alt> + <tab> so that you can see the contents of each certificate. The chain must be complete, e.g. you should find the corresponding signing certificate for each certificate when you look in the 'Issuer' section under 'Common Name'.
If one or more are missing, use the Keychain Access application (/Applications/Utilities/) to search for the certificate with the missing 'Common Name', export the cert in .PEM format and simply append the resulting file to the end of your certificates.pem file.
Test
Locally tested like this:
setting a HTTPS proxy (in this case Charles)
save the Charles certificate in a .pem file
try to call pipenv install requests (or any other package), it fails with a SSLCertVerificationError
set REQUESTS_CA_BUNDLE environment variable
call pipenv install requests again -> works
Screenshot
Unable to install python packages by "pip install pandas".
I am behid corporate proxy.
Environment variable for HTTP_PROXY & HTTPS_PROXY is also set but still unable to install packages
pip config edit gives following log
proxy = https://192.168.0.1:8080
timeout = 60
Also tried ( as suggested by Say. W )
pip -v --log /tmp/pip.log --trusted-host pypi.python.org
--trusted-host pypi.org --trusted-host files.pythonhosted.org install pandas
but still same error
Please help to suggest how to resolve this issue?
Thanks,
Gaurav
Windows PowerShell
Copyright (C) 2016 Microsoft Corporation. All rights reserved.
PS C:\Users\Gaurav Patni> pip -v --log /tmp/pip.log install pandas
Config variable 'Py_DEBUG' is unset, Python ABI tag may be incorrect
Config variable 'WITH_PYMALLOC' is unset, Python ABI tag may be incorrect
Created temporary directory: C:\Users\GAURAV~1\AppData\Local\Temp\pip-ephem-wheel-cache-nmlmjzjs
Created temporary directory: C:\Users\GAURAV~1\AppData\Local\Temp\pip-req-tracker-qqduq1_c
Created requirements tracker 'C:\\Users\\GAURAV~1\\AppData\\Local\\Temp\\pip-req-tracker-qqduq1_c'
Created temporary directory: C:\Users\GAURAV~1\AppData\Local\Temp\pip-install-4dysob1h
Collecting pandas
1 location(s) to search for versions of pandas:
* https: //pypi.org/simple/pandas/
Getting page https: //pypi.org/simple/pandas/
Looking up "https: //pypi.org/simple/pandas/" in the cache
Request header has "max_age" as 0, cache bypassed
Starting new HTTPS connection (1): pypi.org:443
Incremented Retry for (url='/simple/pandas/'): Retry(total=4, connect=None, read=None, redirect=None, status=None)
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'ProxyError(
'Cannot connect to proxy.', ConnectionResetError(10054, 'An existing connection was forcibly closed by the remote host',
None, 10054, None))': /simple/pandas/
Starting new HTTPS connection (6): pypi.org:443
Could not fetch URL https: //pypi.org/simple/pandas/: connection error: HTTPSConnectionPool(host='pypi.org', port=443):
Max retries exceeded with url: /simple/pandas/ (Caused by ProxyError('Cannot connect to proxy.', ConnectionResetError(1
0054, 'An existing connection was forcibly closed by the remote host', None, 10054, None))) - skipping
Could not find a version that satisfies the requirement pandas (from versions: )
Cleaning up...
Removed build tracker 'C:\\Users\\GAURAV~1\\AppData\\Local\\Temp\\pip-req-tracker-qqduq1_c'
No matching distribution found for pandas
Exception information:
Traceback (most recent call last):
File "c:\python37\lib\site-packages\pip\_internal\cli\base_command.py", line 179, in main
status = self.run(options, args)
File "c:\python37\lib\site-packages\pip\_internal\commands\install.py", line 315, in run
resolver.resolve(requirement_set)
File "c:\python37\lib\site-packages\pip\_internal\resolve.py", line 131, in resolve
self._resolve_one(requirement_set, req)
File "c:\python37\lib\site-packages\pip\_internal\resolve.py", line 294, in _resolve_one
abstract_dist = self._get_abstract_dist_for(req_to_install)
File "c:\python37\lib\site-packages\pip\_internal\resolve.py", line 242, in _get_abstract_dist_for
self.require_hashes
File "c:\python37\lib\site-packages\pip\_internal\operations\prepare.py", line 269, in prepare_linked_requirement
req.populate_link(finder, upgrade_allowed, require_hashes)
File "c:\python37\lib\site-packages\pip\_internal\req\req_install.py", line 196, in populate_link
self.link = finder.find_requirement(self, upgrade)
File "c:\python37\lib\site-packages\pip\_internal\index.py", line 688, in find_requirement
'No matching distribution found for %s' % req
pip._internal.exceptions.DistributionNotFound: No matching distribution found for pandas
Config variable 'Py_DEBUG' is unset, Python ABI tag may be incorrect
Config variable 'WITH_PYMALLOC' is unset, Python ABI tag may be incorrect
1 location(s) to search for versions of pip:
* https: //pypi.org/simple/pip/
Getting page https: //pypi.org/simple/pip/
Looking up "https: //pypi.org/simple/pip/" in the cache
Request header has "max_age" as 0, cache bypassed
Starting new HTTPS connection (1): pypi.org:443
Could not fetch URL https: //pypi.org/simple/pip/: connection error: HTTPSConnectionPool(host='pypi.org', port=443): Max
retries exceeded with url: /simple/pip/ (Caused by ProxyError('Cannot connect to proxy.', timeout('timed out')))
- skipping
PS C:\Users\Gaurav Patni> pip -v --log /tmp/pip.log install pandas^Apip -v --log /tmp/pip.log install pandaspip -v --log
/tmp/pip.log install pandas
Try This:
pip -v --log /tmp/pip.log --trusted-host pypi.python.org --trusted-host pypi.org --trusted-host files.pythonhosted.org install pandas
Do I have to install/generate/download new certificate inside my system or is it possible for me somehow to disable certificates inside the python? (ubuntu 18, python 3.7, discord.py latest)
[INFO] [2019.03.05 - 22:58:02] Initializing Discord...
SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0xf4a9f8ec>
transport: <_SelectorSocketTransport fd=12 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
File "./build/Lib/asyncio/sslproto.py", line 625, in _on_handshake_complete
File "./build/Lib/asyncio/sslproto.py", line 189, in feed_ssldata
File "./build/Lib/ssl.py", line 763, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)
SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0xf4a9f8ec>
transport: <_SelectorSocketTransport closing fd=12 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
File "./build/Lib/asyncio/sslproto.py", line 526, in data_received
File "./build/Lib/asyncio/sslproto.py", line 189, in feed_ssldata
File "./build/Lib/ssl.py", line 763, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)
[ERROR] [2019.03.05 - 22:58:02]
2019.03.05 - 22:58:02:
Top: file: [sv_custom.py], method: init()
Root: file: [connector.py], line 974, cause: in _create_direct_connection [File "./../source/aiohttp.whl/aiohttp/connector.py", line 927, in _wrap_create_connection]
aiohttp.client_exceptions.ClientConnectorCertificateError:
Cannot connect to host discordapp.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)')]
This is done from the python that is inside the game client. If I do the same from the system's python (3.6) - no errors, connection is fine. "They say" it could be because the game client does not see "root certificates" or something like that.
Update:
Found out how to check certificates.
(with ssl error)
Initializing Discord...
DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/ssl/certs')
(this works fine)
igor#Linbox:~/Downloads$ python3.6 -c "import ssl; print(ssl.get_default_verify_paths())"
DefaultVerifyPaths(cafile=None, capath='/usr/lib/ssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/lib/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/lib/ssl/certs')
Guess that is my problem that capath is empty.
Unexpectedly the solution appeared quite simple:
ssl.get_default_verify_paths() for the python with the ssl error was pointing to: openssl_capath='/usr/local/ssl/certs' while the "native" python from the system showed openssl_capath='/usr/lib/ssl/certs'.
DefaultVerifyPaths(
cafile=None,
capath=None,
openssl_cafile_env='SSL_CERT_FILE',
openssl_cafile='/usr/local/ssl/cert.pem',
openssl_capath_env='SSL_CERT_DIR',
openssl_capath='/usr/local/ssl/certs'
)
I've checked both locations:
'/usr/local/' - was empty (it had no ssl/certs folders)
'/usr/lib/ssl/certs' had a symlink to '/etc/ssl/certs'
So I made the same symlink:
inside '/usr/local/' added '/ssl/' + ln -s '/etc/ssl/certs' certs
Then I checked once again ssl.get_default_verify_paths()
DefaultVerifyPaths(
cafile=None,
capath='/usr/local/ssl/certs', <-- not empty now
openssl_cafile_env='SSL_CERT_FILE',
openssl_cafile='/usr/local/ssl/cert.pem',
openssl_capath_env='SSL_CERT_DIR',
openssl_capath='/usr/local/ssl/certs'
)
The problem disappeared. It is working now.
According to https://github.com/Rapptz/discord.py/issues/423 if one goes to the python folder one's computer and runs the Install Certificates.command it works.
I tried this and DOES work.
Hope this helps both you and my reputation of StackOverflow :-)
In addition to #Igorz, I opened up the '/usr/local/ssl/cert.pem' file and added the certificates from the website I was trying to access. You can get the details on how to get those certificates from here.
I am trying to get pip running on my windows machine behind a corporate proxy. I am using a CNTLM proxy to add authentication.
The following command works:
curl --cacert C:\Users\xxxxxxx\curl-ca-bundle.crt https://www.google.com.au
but the following command doesn't:
pip install --cert C:\Users\xxxxxx\curl-ca-bundle.crt install six
I have set the CNTLM proxy settings in the HTTP_PROXY and HTTPS_PROXY environment variables, and can confirm both pip and curl are using them (changing the env variable to an invalid address yields an error). The cert file is the Mozilla trust store with my corporate Root cert appended. If curl is fine using it I would assume it is fine to use with pip.
The Pip log is revealing a TLSv1 alert decode error:
------------------------------------------------------------
C:\Python27\Scripts\pip run on 03/02/15 09:12:03
Downloading/unpacking six
Getting page https://pypi.python.org/simple/six/
Could not fetch URL https://pypi.python.org/simple/six/: connection error: [SSL: TLSV1_ALERT_DECODE_ERROR] tlsv1 alert decode error (_ssl.c:581)
Will skip URL https://pypi.python.org/simple/six/ when looking for download links for six
Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: connection error: [SSL: TLSV1_ALERT_DECODE_ERROR] tlsv1 alert decode error (_ssl.c:581)
Will skip URL https://pypi.python.org/simple/ when looking for download links for six
Cannot fetch index base URL https://pypi.python.org/simple/
URLs to search for versions for six:
* https://pypi.python.org/simple/six/
Getting page https://pypi.python.org/simple/six/
Could not fetch URL https://pypi.python.org/simple/six/: connection error: [SSL: TLSV1_ALERT_DECODE_ERROR] tlsv1 alert decode error (_ssl.c:581)
Will skip URL https://pypi.python.org/simple/six/ when looking for download links for six
Could not find any downloads that satisfy the requirement six
Cleaning up...
Removing temporary dir c:\users\xxxxxxx\appdata\local\temp\pip_build_xxxxxx...
No distributions at all found for six
Exception information:
Traceback (most recent call last):
File "C:\Python27\lib\site-packages\pip\basecommand.py", line 122, in main
status = self.run(options, args)
File "C:\Python27\lib\site-packages\pip\commands\install.py", line 278, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "C:\Python27\lib\site-packages\pip\req.py", line 1177, in prepare_files
url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
File "C:\Python27\lib\site-packages\pip\index.py", line 277, in find_requirement
raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for six
Any suggestions as to how to get around this error? I would even be opening to disabling SSL if pip allowed it.
N.B I'm running pip 1.5.6 w/ python 2.7.9
Trying to install pip on a new python installation. I am stuck with proxy errors. Looks like a bug in get-pip or urllib3??
Question is do I have to go through the pain of setting up CNTLM as described here or is there a shortcut?
get-pip.py documentation says use --proxy="[user:passwd#]proxy.server:port" option to specify proxy and relevant authentication. But seems like pip passes on the whole thing as it is to urllib3 which interprets "myusr" as the url scheme, because of the ':' I guess (?).
C:\ProgFiles\Python27>get-pip.py --proxy myusr:mypswd#111.222.333.444:80
Downloading/unpacking pip
Cleaning up...
Exception:
Traceback (most recent call last):
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\basecommand.py", line 122, in main
status = self.run(options, args)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\commands\install.py", line 278, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\req.py", line 1177, in prepare_files
url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\index.py", line 194, in find_requirement
page = self._get_page(main_index_url, req)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\index.py", line 568, in _get_page
session=self.session,
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\index.py", line 670, in get_page
resp = session.get(url, headers={"Accept": "text/html"})
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\sessions.py", line 468, in get
return self.request('GET', url, **kwargs)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\download.py", line 237, in request
return super(PipSession, self).request(method, url, *args, **kwargs)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\sessions.py", line 456, in request
resp = self.send(prep, **send_kwargs)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\sessions.py", line 559, in send
r = adapter.send(request, **kwargs)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\adapters.py", line 305, in send
conn = self.get_connection(request.url, proxies)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\adapters.py", line 215, in get_connection
block=self._pool_block)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\packages\urllib3\poolmanager.py", line 258, in proxy_fro
m_url
return ProxyManager(proxy_url=url, **kw)
File "c:\users\sg0219~1\appdata\local\temp\tmpxwg_en\pip.zip\pip\_vendor\requests\packages\urllib3\poolmanager.py", line 214, in __init__
'Not supported proxy scheme %s' % self.proxy.scheme
AssertionError: Not supported proxy scheme myusr
Storing debug log for failure in C:\Users\myusr\pip\pip.log
C:\ProgFiles\Python27>
When I run the command without the usrname and password it works fine, but proxy rejects the request saying it needs authentication ("407 authenticationrequired").
C:\ProgFiles\Python27>get-pip.py --proxy 111.222.333.444:80
Downloading/unpacking pip
Cannot fetch index base URL https://pypi.python.org/simple/
Could not find any downloads that satisfy the requirement pip
Cleaning up...
No distributions at all found for pip
Storing debug log for failure in C:\Users\sg0219898\pip\pip.log
C:\ProgFiles\Python27>cat C:\Users\sg0219898\pip\pip.log
------------------------------------------------------------
C:\ProgFiles\Python27\get-pip.py run on 09/29/14 16:23:26
Downloading/unpacking pip
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: connection error: ('Cannot connect to proxy.', error('Tunnel connection failed: 407 authenticationrequired',))
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip
Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: connection error: ('Cannot connect to proxy.', error('Tunnel connection failed: 407 authenticationrequired',))
Will skip URL https://pypi.python.org/simple/ when looking for download links for pip
Cannot fetch index base URL https://pypi.python.org/simple/
URLs to search for versions for pip:
* https://pypi.python.org/simple/pip/
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: connection error: ('Cannot connect to proxy.', error('Tunnel connection failed: 407 authenticationrequired',))
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip
Could not find any downloads that satisfy the requirement pip
Cleaning up...
Removing temporary dir c:\users\sg0219~1\appdata\local\temp\pip_build_SG0219898...
No distributions at all found for pip
Exception information:
Traceback (most recent call last):
File "c:\users\sg0219~1\appdata\local\temp\tmp36ynxd\pip.zip\pip\basecommand.py", line 122, in main
status = self.run(options, args)
File "c:\users\sg0219~1\appdata\local\temp\tmp36ynxd\pip.zip\pip\commands\install.py", line 278, in run
requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
File "c:\users\sg0219~1\appdata\local\temp\tmp36ynxd\pip.zip\pip\req.py", line 1177, in prepare_files
url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
File "c:\users\sg0219~1\appdata\local\temp\tmp36ynxd\pip.zip\pip\index.py", line 277, in find_requirement
raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for pip
C:\ProgFiles\Python27>
I had a brief look at urllib3\poolmanager.py and it doesn't seem to have anything to do with username/passwords.
This is complaining about the scheme for the URL (which urlparse is understanding to be myusr), to work around that you should instead be doing:
get-pip.py --proxy http://myusr:mypswd#111.222.333.444:80
This is because the script requires the environment variables http_proxy or https_proxy contains the scheme in the URL. Set the environment variables
export http_proxy="http://<hostname>:<port>"
export https_proxy="https://<hostname>:<port>"
before run the "python get-pip.py"
import requests
proxy = {
'http' : 'http://138.197.222.35:80',
'https' : 'http://1138.197.222.35:8080'
}
r = requests.get('http://httpbin.org/ip', proxies=proxy)
print (r)
Append 'http://' and 'https://' with your ips.
I had this issue when working with linux, windows worked fine with ip alone.
Use pip install xxx --proxy=https://xx.xx.xx.xx:xxxx
After Python 3.6, when using the proxy, the parameter value of proxies in requests.get(url=url, headers=headers, proxies=...) changed.
Before 3.6 includes, proxies={ 'https': '127.0.0.1:8080'} or proxies={'http': '127.0.0.1:8080'} is fine, but this type of dictionary is not suitable for Python 3.7 and above.
In Python3.7 and above, you must add http:// or https:// in front of ip:port, that is, proxies={'http':'http://127.0.0.1:8080'} or proxies={'https':'https://127.0.0.1:8080'}
For the problem you have mentioned, it depends on how the proxy server authentication has been set up.
For example, my intranet uses Windows AD and probably the proxy server is using Windows Integrated auth. Thus when I do pip install --proxy http://<server-ip>:<port> <module-name>, it works fine. Note that I did not have to type in username & password ,likely due to integrated auth.
So, you'll need to find out the authentication being used by your proxy server.You can use Fiddler(or any other network analyzer) tool to check the WWW-Authenticate headers in the 407 response, to check what auth mechs the server supports.
This can be a case when you use ";" in your passwords. This cannot be parsed properly that results in ProxySchemeUnknown error raised.
The below things worked for me :
Step 1) Set HTTPS_PROXY and HTTP_PROXY:
export HTTPS_PROXY="http://proxy-address:8080"
export HTTP_PROXY="http://proxy-address:8080"
step 2) : Run pip with below configuration
./pip.exe install pyspark --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --trusted-host pypi.org --proxy "proxy-address:8080"
On Windows you can use the SET command instead of export:
SET HTTP_PROXY="http://proxy-address:8080"
SET HTTPS_PROXY="http://proxy-address:8080"
If you are not behind a proxy, you need to unset like this:
SET HTTP_PROXY=
SET HTTPS_PROXY=
it works to install boto3 on win7.
pip install boto3 --proxy=https://user:pwd#x.x.x.x:8080
Collecting boto3
Downloading boto3-1.20.33-py3-none-any.whl (131 kB)
Collecting botocore<1.24.0,>=1.23.33
Downloading botocore-1.23.33-py3-none-any.whl (8.5 MB)
Collecting s3transfer<0.6.0,>=0.5.0
Downloading s3transfer-0.5.0-py3-none-any.whl (79 kB)
Collecting jmespath<1.0.0,>=0.7.1
Downloading jmespath-0.10.0-py2.py3-none-any.whl (24 kB)
Collecting python-dateutil<3.0.0,>=2.1
Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
Collecting urllib3<1.27,>=1.25.4
Downloading urllib3-1.26.8-py2.py3-none-any.whl (138 kB)
Collecting six>=1.5
Downloading six-1.16.0-py2.py3-none-any.whl (11 kB)
Installing collected packages: six, python-dateutil, jmespath, urllib3, botocore, s3transfer, boto3
Successfully installed boto3-1.20.33 botocore-1.23.33 jmespath-0.10.0 python-dateutil-2.8.2 s3transfer-0.5.0 six-1.16.0 urllib3-1.26.8