Mac OSX python ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Question

Many operations in Python require accessing things via https. This includes pip install command, or just using http.client.HTTPSConnection, or any modules or applications that use these things internally.

If python was installed from the official python pkg installer, downloaded from https://python.org, then it uses an internal version of openssl, and contains no root certificates. Anything that uses an SSL connection results in this error:

ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

How can I install root certs to make the above error go away?

Answer 1

When you run the python installer, they display this information to you. It is also documented in /Applications/Python 3.6/ReadMe.rtf, but it's very easily overlooked.

Just browse to Applications/Python 3.6 and double-click Install Certificates.command

There is an issue in the Python bug tracker about this. http://bugs.python.org/issue29480

Update: This issue is marked as resolved in the bug tracker with this text being part of the latest comment:

... For 3.7.0b2, I have tried to make things more obvious in two ways. One, the installer package will now attempt to open a Finder window for the /Application/Python 3.7 folder that contains the "Install Certificates.command". Two, rather than just a generic "installation complete" message at the end of the install, there is now a tailored message that urges the user to click on the "Install Certificates.command" icon. ...

Answer 2

I solved this problem using this command:

open /Applications/Python\ 3.7/Install\ Certificates.command

I have Python 3.7 in my machine.

Check this link - Fixing CERTIFICATE_VERIFY_FAILED error when trying requests-html out on Mac

Answer 3

Cool way to solve this issue for all your python version and without checking your version on macOS

bash /Applications/Python*/Install\ Certificates.command

This command is equivalent to:

...
bash /Applications/Python\ 2.7/Install\ Certificates.command
bash /Applications/Python\ 3.6/Install\ Certificates.command
bash /Applications/Python\ 3.7/Install\ Certificates.command
...

It helped me hope it will help you as well

Answer 4

If pip does not fix the issue

pip3 install --upgrade certifi

Then try the following scripts if you can't find the "Install Certificates.command"

#!/usr/bin/env python3
# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )


def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)

    # +++> if already done  <----
    #print(" -- pip install --upgrade certifi")
    #subprocess.check_call([sys.executable,
    #    "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

    import certifi
    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
        pass
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")

if __name__ == '__main__':
    main()

Answer 5

If you're using MacOS go to Applications >> python3.8 >> and double-click Install Certificates.command. This worked for me.

Answer 6

In my case none of the solutions worked with the system installed python3 in macOS Catalina, neither did it work with python3 installed via brew.

If someone has a situation like this and wants a quick solution,
Download and install python3 again, using https://www.python.org/downloads/

At the end of the installation, the installer would show you a note, asking to run the Install Certificates.command file.
(With the other installations, this file was not present, and neither was the solution with the file's source code working)

Restart the terminal, and you can type where python3, to see /Library/Frameworks/Python.framework/Versions/3.8/bin/python3. Using this binary, the problem should not occur.

Note: It might be possible to make the system-installed python3 work, but in my case; it proved to be extremely hard, so I choose this way.

Answer 7

I faced the same problem, when I tried to run Python with Keras data loading. The error for me was:

Exception: URL fetch failure on AWS_URL: None -- [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)

I fixed my problem by upgrading the certificate as:

pip install --upgrade certifi

Answer 8

Confirm you are not in a virtualenv. I tried the above without success, only to realise my installations were failing because I was on a virtualenv

Answer 9

A cheap way around this is just using python3.5 if you still have it installed.

Pushing to PyPI:

python3.5 setup.py register -r pypitest

python3.5 setup.py sdist upload -r pypitest

pipping seems to work fine with 3.6 out of the box..

Answer 10

For me, it was a misspecification of the request. I'd made a https call instead of a http call. Changing to http solved it.

Answer 11

Ensure that you do not have SSL_CERT_FILE environment variable set. I had the same problem, it took a while before I figured out some application was setting this variable as an empty string inside my bash profile.

Answer 12

I had the same issue with macOS Big Sur. Here is what I did to solve the issue.

IDE - Pycharm

Python Version Downloaded - 3.9.6

• Download the latest python version and remove the earlier version
• While installation, at the end (Summary Section), there is a small note to install an SSL Certificate. Read that Summary section carefully.
• Double click the SSL Certificate path provided in the summary
• It will take you to the respective folder where there should be one file named - "Install Certificate Command"
• Double click on that file, it should open the terminal and will run the code automatically. Wait till you receive the message as "[Completed Successfully]".
• Once done close and restart terminal/IDE and this should resolve your issue.

Note: if you have anaconda and python both installed on your system then check whether you are using the correct python version in the IDE which the latest version downloaded and not from Anaconda.

Enjoy.

Answer 13

I needed to add my corporate CA certs into the python CA cert file due to corporate SSL gateways.

The location of the CA cert file is found by

import ssl
print(ssl.get_default_verify_paths().openssl_cafile)

The cert to be added was in keychain. After exporting it, it needed converting into PEM format so it could be cut & pasted into the cacert file -

openssl x509 -inform der -in cert.cer -out cert.pem

Answer 14

I did this and it worked on my Mac: Macintoch HD>Applications>Python file>Install Certificates.command (double click on it)

Answer 15

Just REINSTALL your Python on your Mac

Answer 16

sometimes if you're using conda or poetry you may be in a virtual environment shell. you can check with:

which python

for me the solution was as simple as cmd+t to open a new shell.

Answer 17

If you're using macOS open finder and go to Applications > Python3.7 folder (or whatever version of python you're using) > double click on "Install Certificates.command" file.