SSL Errors on Python packages - python

I am a programming novice, and I'm trying to learn Python. When I attempt to install packages on Windows 10 (example: pip install -U XXX) I keep getting the following error:
Could not fetch URL https://pypi.python.org/simple/XXX/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645) - skipping
Could not find a version that satisfies the requirement XXX (from versions: )
No matching distribution found for XXX
Does anyone have any idea how to fix this?
I've gathered that the problem is related to my internet configuration, but so far I've been unable to find any specific instructions on how to fix this. Again, I'm a beginner, so please no advanced jargon. Thanks in advance!

My first guess is something to do with the installation or setup. Besides, a new version of pip came out a couple of days ago and you should probably upgrade. Try getting the get-pip.py script from this page and follow the instructions to run it. Then try using the new pip (9.0) to get your XXX package above.

pip has a --cert flag that you can pass the CA bundle you're using i.e if you're using custom ssl certificates.
pip install <package-name> --cert <path-to.pem-cert-file>
If you have the SSL cert with you but it's a .cer file, worry not. Use the following command to convert it into a .pem file
openssl x509 -inform der -in certificate.cer -out certificate.pem

Related

Issue with Emscripten installation on mac

this is my first time diving into emscripten and web assembly and I am having some trouble with the installation process. I tried following the directions for mac on emscriptens website and I am able to do the pull command from github with no problem. However when trying to install emscripten with the "./emsdk install latest" command line it keeps failing.
Been at this for hours and I have updated just about everything and re-downloaded python to make sure it is the newest version. This is the error message I am getting:
Error: Downloading URL 'https://storage.googleapis.com/webassembly/emscripten-releases-builds/deps/node-v14.18.2-darwin-x64.tar.gz': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)>
Warning: Possibly SSL/TLS issue. Update or install Python SSL root certificates (2048-bit or greater) supplied in Python folder or https://pypi.org/project/certifi/ and try again.
error: installation failed!
Any help is much appreciated! Thank you!
Please do not use python2. Install certifi with pip3 install certifi. Then just browse to Applications/Python 3.x and double-click Install Certificates.command
Now you can continue the installation.
Do not use Python 3. You must use Python 2.
python3 ./emsdk.py install latest
python3 ./emsdk.py activate latest
python ./emsdk.py install latest
python ./emsdk.py activate latest
See also Unable to install latest due to SSL certificate verify failed and Emsdk download fails on clean-is macOS Catalina 10.15.1

SSL certificate issues preventing pip package installs on windows

I installed Python 3.8 from the python.org downloads site onto my 64-bit Windows machine today. Shortly thereafter, I attempted to install the pyodbc package using pip from a command console opened as an administrator:
pip install pyodbc
The following error broke my connection on several attempts:
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate
(_ssl.c:1108)')': /simple/pyodbc/
(I don't believe these issues are specific to the pyodbc package, but that just happens to be the package I've been trying to install). After some googling I tried
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pyodbc
after which I received the error
ERROR: Could not find a version that satisfies the requirement pyodbc (from versions: none)
ERROR: No matching distribution found for pyodbc
Based on this SO answer, I decided to execute
curl https://bootstrap.pypa.io/get-pip.py | python
after which I received the error
next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
I'm not sure where to go from here. Python 3.8 is a fresh install, as is pip (which shows as version 19.2.3). Nevertheless there seems to be a problem confirming SSL certificates. How can I get pip installs working?
You have two separate issues:
You are behind a proxy/firewall or using an endpoint antivirus that messes with your CA cert store. Your --trusted-host is a workaround for that
pyodbc doesn't support Python 3.8 yet.

Python pip install error [SSL: CERTIFICATE_VERIFY_FAILED]

I have been trying to figure this out for a while now and for some reason I get stuck with an ssl issue and have no idea what is going on.
Problem:
I have installed python2.7 and easy_install2.7, but when trying to install pip with easy_install2.7 I get the following error.
[root#cops-wc-01]# /usr/local/bin/easy_install-2.7 pip
Searching for pip
Reading https://pypi.python.org/simple/pip/
Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!
Couldn't find index page for 'pip' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!
No local packages or download links found for pip
error: Could not find suitable distribution for Requirement.parse('pip')
It is trying to download, but this SSL cert verification failure is preventing it.
Does anyone know a way around this, or a way to resolve it?
Sorry if it is a noob question :)
[root#cops-wc-01]# uname -a
Linux 2.6.32-504.30.3.el6.x86_64 #1 SMP Wed Jul 15 10:13:09 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root#cops-wc-01]#
Centos 6
apt-get install ca-certificates
If you missed this package.
On my device (that runs nix),
$ date showed ...1969
so I had to set the date to a more recent time :
$ date -s "26 MAR 2017 13:16:00"
Then the SSL error was gone.
YAS (Yet Another Solution)
I had the same issue.
Tried everything above.
My issue was fixed by upgrading pip and setuptools:
$ pip install -U pip setuptools
I also tried to add an entry in my ~/.pip/pip.conf file:
[global]
trusted=https://pypi.your.domain
Most likely pip does not have the required CA certificates to validate that.
You can force pip to use openssl's CAs to see if it helps.
The easiest solution that worked for me:
From https://pypi.python.org/pypi/pip, download 'pip-8.1.2.tar.gz'
Install it with pip, "pip install ./pip-8.1.2.tar.gz"
On the ubuntu server, the new version pip may be installed in a different location. If checking version with 'pip --version', it's still an older version one, like pip 1.5.6. To install a package with the new version pip, straightforwardly use the absolute path for convenience:
/home/tom/.local/bin/pip install ./gensim-0.13.1.tar.gz
Install dependencies one by one, errors like this below can be bypassed.
Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!"
On macbook put this line in ~/.bash_profile:
export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem
And forget about this error.
Of course, if you don't have openssl - run brew install openssl. And don't forget to do . .bash_profile after first edit of .bash_profile.
I ran the following commands to resolve the issue:
$ curl https://bootstrap.pypa.io/get-pip.py >> get-pip.py
$ python get-pip.py
This upgraded pip to v9.0.3, and this version has no issues.
Since this is currently the top hit on Google for this issue I thought I would share my solution. As weird as it is. I'm on CentOS 7, Python3.6 although I believe it doesn't matter which Python version.
The SSLError / CERTIFICATE_VERIFY_FAILED was also happening for me when I ran a fresh copy of get-pip.py.
The solution was to run the install command with output piped to a file, so python get-pip.py &> output. I haven't had the time to find out why not having a TTY affects the environment for the script.
If you are running behind a web filter or firewall, please ensure SSL inspection/decryption is disabled or bypassed for the domain *.pythonhosted.org (or more specifically, files.pythonhosted.org). May also need to include pypi.org.
I'm running Python on an enterprise workstation and this has been the culprit in our environment across Windows and Linux hosts. Confirmed with our older system, a Broadcom ProxySG on prem web filter appliance, and later through Cisco's Umbrella Cloud Gateway/SIG product.
Cheers
I didn't realize that there is a command "python -M ensurepip after 7.9. This fixed my issue.

Error importing NLTK on PyCharm

I'm trying to import NLTK in PyCharm, and get the following error. I'm on Mac OS 10.5.8 with Python 2.7.6. What could be going on? I'm completely new to programming, so sorry if there's something basic that I'm missing.
Install packages failed: Error occurred when installing package nltk.
The following command was executed:
packaging_tool.py install --build-dir /private/var/folders/NG/NGoQZknvH94yHKezwiiT+k+++TI/-Tmp-/pycharm-packaging3166068946358630595.tmp nltk
The error output of the command:
Downloading/unpacking nltk
Could not fetch URL https://pypi.python.org/simple/nltk/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/nltk/ when looking for download links for nltk
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/ when looking for download links for nltk
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/nltk/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Will skip URL https://pypi.python.org/simple/nltk/ when looking for download links for nltk
Could not find any downloads that satisfy the requirement nltk
Cleaning up...
No distributions at all found for nltk
Storing complete log in /Users/Tom/.pip/pip.log
ETA: OK, now I've successfully installed NLTK from the command line, and then was able to install it in PyCharm -- but only for the Python 2.5.1 interpreter. If I try it with Python 2.7.6, I still get the error above. Does this matter, or should I not worry about it and just use it with 2.5.1?
You'd be much better off sticking with the latest version of pip (1.5.6) and just telling it that you don't care about the security of your python packages:
pip install --allow-all-external --allow-unverified ntlk nltk
If you really want to be sure an install runs without complaint, you can also tell it not to overwrite any existing installations:
pip install --upgrade --force-reinstall --allow-all-external --allow-unverified ntlk nltk
And sudo if you get file write permission errors.
I use PyCharm but never install packages through PyCharm, I always use Terminal and install them with mostly pip or easy_install (in my virtual environment). Maybe you can just install the package from terminal..
sudo pip install nltk (https://pypi.python.org/pypi/nltk)
or
sudo easy_install nltk (if you don't have pip installed)
And then in PyCharm, make sure in preferences you set your Project Interpreter to the python path with your installed packages.
I have run into this (and just did again), I don't remember exactly where I found the answer, but it's an openssl version + local certificate issue (spoken like someone who's only vaguely familiar with the concepts). The way I have worked around this is to downgrade pip:
easy_install pip==1.2.1
After that you should be able to pip install again.
hi import like this in pycharm :
Open File > Settings > Project from the PyCharm menu.
Select your current project.
Click the Python Interpreter tab within your project tab.
Click the small + symbol to add a new library to the project.
Now type in the library to be installed, in your example "nltk" without quotes, and click Install Package.
Wait for the installation to terminate and close all popup windows.

python easy_install fails with SSL certificate error for all packages

Goal: I'm on RedHat 5 and trying to install the latest python and django for a web app.
I successfully altinstalled python27 and easy_install, and wget with openssl.
Problem: However now that I try to get anything from pypi.python.org I get the following error:
$ sudo easy_install --verbose django
Searching for django
Reading https://pypi.python.org/simple/django/
Download error on https://pypi.python.org/simple/django/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
Couldn't find index page for 'django' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
No local packages or download links found for django
error: Could not find suitable distribution for Requirement.parse('django')
I tried looking up the certificate of pypi.python.org with openssl s_client -showcert -connect but don't know what to do with it, where to store it. Not much info on google, need expert help.
Thank you!
edit: I meant wget* with openssl.
$ wget http://ftp.gnu.org/gnu/wget/wget-1.15.tar.gz
$ tar -xzf wget-1.15.tar.gz
$ cd wget-1.15
$ ./configure --with-ssl=openssl
$ make
$ sudo make install
I can't get wget to pull the page either:
$ wget https://pypi.python.org/simple/django/
--2014-01-21 11:18:45-- https://pypi.python.org/simple/django/
Resolving pypi.python.org (pypi.python.org)... 199.27.73.185, 199.27.74.184
Connecting to pypi.python.org (pypi.python.org)|199.27.73.185|:443... connected.
ERROR: cannot verify pypi.python.org's certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3’:
Unable to locally verify the issuer's authority.
To connect to pypi.python.org insecurely, use `--no-check-certificate'.
your curl cert is too old try to download new curl cert:
sudo wget http://curl.haxx.se/ca/cacert.pem -O /etc/pki/tls/certs/ca-bundle.crt
I found this page after looking for a solution to this problem. In case someone else has similar problem, the solution I found is:
At the start of the setuptools/ssl_support.py file (which is used by easy_install, and is inside the egg file: ./lib/python2.7/site-packages/setuptools-3.5.1-py2.7.egg), the certificate bundles files are hard-coded in cert_paths variable:
cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
...etc..
"""
easy_install will use the first file that exists from this list, as it calls find_ca_bundle. If certificates in this cert bundle file are out of date, then easy_install will fail with this SSL error. So need to either update the certificate file or change the cert_paths in this ssl_support.py file, to point to a local up-to-date certs bundle file.
I have seen this problem in a specific environment: Mac OS X with macports, installing packages in user's local path. The solution was to install the certificates from curl:
port install curl-ca-bundle
Btw, until you don't have the ceritificates, most of the port, easy_install and pip commands will fail because the ssl error.
Try installing pip to do python package installation instead.
You can find the documentation to quick install it and use it here. It's generally a lot better than easy_install.
It also uses SSL by default, and with Requests' certificate stack (derived from mozilla).
You can also find a lot of information on working with python packages in general on the Python Packaging User Guide.

Categories

Resources