274

I'm practicing the code from 'Web Scraping with Python', and I keep having this certificate problem:

from urllib.request import urlopen 
from bs4 import BeautifulSoup 
import re

pages = set()
def getLinks(pageUrl):
    global pages
    html = urlopen("http://en.wikipedia.org"+pageUrl)
    bsObj = BeautifulSoup(html)
    for link in bsObj.findAll("a", href=re.compile("^(/wiki/)")):
        if 'href' in link.attrs:
            if link.attrs['href'] not in pages:
                #We have encountered a new page
                newPage = link.attrs['href'] 
                print(newPage) 
                pages.add(newPage) 
                getLinks(newPage)
getLinks("")

The error is:

  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 1319, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1049)>

Btw,I was also practicing scrapy, but kept getting the problem: command not found: scrapy (I tried all sorts of solutions online but none works... really frustrating)

smci
  • 32,567
  • 20
  • 113
  • 146
Catherine4j
  • 2,772
  • 2
  • 8
  • 10
  • 1
    urllib.error.URLError: – Catherine4j May 08 '18 at 14:32
  • 2
    and... please tell me the reason behind this error, really want to know~~thanks!! – Catherine4j May 08 '18 at 14:36
  • 3
    There are [529 existing questions on SSL: CERTIFICATE_VERIFY_FAILED](https://stackoverflow.com/search?q=SSL%3A+CERTIFICATE_VERIFY_FAILED), please figure out which is your solution then close this as duplicate. – smci May 09 '18 at 00:02
  • For example: [“SSL: certificate_verify_failed” python?](https://stackoverflow.com/questions/34503206/ssl-certificate-verify-failed-python) – smci May 09 '18 at 00:06
  • And I was about to comment the obvious: did you access it with https instead of http? – smci May 09 '18 at 00:07
  • no that example it different from my situation... different error and different code...thanks – Catherine4j May 09 '18 at 02:19
  • 1
    `export SSL_CERT_DIR=/etc/ssl/certs` worked for me on Mac OS Big Sur. – TrigonaMinima Oct 08 '21 at 20:55

26 Answers26

904

Once upon a time I stumbled with this issue. If you're using macOS go to Macintosh HD > Applications > Python3.6 folder (or whatever version of python you're using) > double click on "Install Certificates.command" file. :D

Jey Miranda
  • 9,201
  • 1
  • 10
  • 9
  • 9
    oh I don't have this Install Certificates.command file on my mac... don't know why TAT – Catherine4j Jan 06 '19 at 02:39
  • It should be a file in the folder into which Python was installed. Note this is only true for Python3 or greater. – Raydot Jan 21 '19 at 22:00
  • 57
    If you install Python using Homebrew that file does not exist. The solution is here: https://stackoverflow.com/a/44649450/412896 – Sampo Mar 06 '19 at 11:09
  • 21
    How can I do it for Windows 10? No such file exists. – Aakash Basu Feb 09 '20 at 07:44
  • Thank you. Was running some test code with the DocuSign API and this solved it. Way easier that diagnosing certificate issues manually! – SilentSteel Apr 22 '20 at 18:02
  • @AakashBasu Did you find the location of that file? – Kavin Raju S May 12 '20 at 12:59
  • 1
    I was using a virtual env on a Mac when I ran into this, and just wanted to point out that the process was the same ... Also, I got an error when I tried it at first -- the install needs to be done with superuser permissions. Ultimately, this got me there: `sudo /Applications/Python\ 3.7/Install\ Certificates.command` – Cognitiaclaeves May 15 '20 at 18:41
  • This worked great for me. It's also an excellent reason to use the Python installers from python.org on a Mac, instead of pretty much any of the other options out there. – tobias.mcnulty Oct 08 '20 at 19:36
  • 6
    See answer from @Rambod which is fast and quick and solved for me. `import ssl ssl._create_default_https_context = ssl._create_unverified_context` that's it and it worked like a charm. Yes there may be security isue, but for one off scripts and known source.. who gives a * – ihightower Oct 21 '20 at 03:36
  • This answer should have 500+ upvotes just because its genious. – Makaroni Oct 29 '20 at 10:16
  • 1
    I cannot thank you enough. BUT, just in case anyone needs or wants to see the script: https://docs.google.com/document/d/1Z_sKkK8HXJoWN1clHstQHxrtHd0AI6_niA2YyaleFo4/edit?usp=sharing – victorkolis Jan 20 '21 at 02:16
  • So just to be clear, this only works if you install Python from the Python website? This seemed to have worked for me. –  Jul 18 '21 at 15:52
  • 3
    What's the window 10 solution? – DIRTY DAVE Aug 31 '21 at 15:46
  • Great solution! Also, so you're not still running into the issue like I was, for the love of God, please upgrade pip *facepalm*: `python3 -m pip install --upgrade pip` – mmarion Nov 08 '22 at 16:44
  • Still working as of Python 3.11 – ltd9938 Nov 30 '22 at 19:07
  • Not working for Python 3.9 on MacOS Monterey. Double click on "Install Certificates.command" file says certifi is already installed, it then creates symlinks, throws no error. But urllib.urlopen is still throwing urllib.error.URLError: . Maddening. – user1255933 Apr 07 '23 at 22:37
  • Dude, you just saved me from 10 hours of trying to figure out the problem – mrpaw69 May 09 '23 at 09:57
200

to use unverified ssl you can add this to your code:

import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Rambod
  • 2,355
  • 1
  • 14
  • 14
  • 7
    this is good because why do I have to make system changes if all I need to add is two lines of code. – Nagri Jul 29 '20 at 08:20
  • 25
    this answer should probably mention that this code could introduce huge security concerns depending on what the user does with the data after it's scraped.. – Michael Altfield Aug 09 '20 at 12:27
  • 1
    for sure when you use unverified certificate you are at risk. and this line of code only good if you know what data source is and its not good for production mode to set it up as default. question is about how to scarp some unverified page this code wont make big security concern for this situation at least. – Rambod Aug 09 '20 at 19:45
  • 2
    this works in my case as a temporary measure – thewaywewere Oct 11 '21 at 07:09
39

This terminal command:

open /Applications/Python\ 3.7/Install\ Certificates.command

Found here: https://stackoverflow.com/a/57614113/6207266

Resolved it for me. With my config

pip install --upgrade certifi

had no impact.

Hillsie
  • 607
  • 1
  • 6
  • 15
  • @MiguelSilva open is specific to MacOS. You have Google colab running with MacOS? Wouldn't know about colab. – Hillsie Mar 18 '21 at 04:22
  • In my case, I'm running on Opera browser in a win10 intel I7 16Gb MacBook Pro – Miguel Tomás Mar 18 '21 at 11:43
  • @MiguelSilva The above command is at the operating system level and independent of the browser. Its related to Python. Additionally, there is one constant in this industry and it's Change. So what worked in the past, might not work in the present. – Hillsie Mar 21 '21 at 23:31
34

To solve this:

All you need to do is to install Python certificates! A common issue on macOS.

Open these files: 

Install Certificates.command
Update Shell Profile.command

Simply Run these two scripts and you wont have this issue any more.

Hope this helps!

quant
  • 2,184
  • 2
  • 19
  • 29
Azim
  • 475
  • 4
  • 8
  • 13
    I don't see a Python directory in my Application Dir.. I'm using Anaconda and created a new env for python 3.6 since I previously had python 2.7 installed (which apparently did not create a folder in my Applications Dir either!)... Can't find the Certificates.command on my mac – Kai Apr 17 '19 at 13:21
  • 8
    where are these supposed to be run from? – baxx Sep 08 '20 at 00:17
  • 2
    @Azim: how about in Ubuntu? – Betty Sep 08 '20 at 10:12
  • 4
    Why did this answer even get upvoted at all? It doesn't specify where these commands are supposed to be run, and it lacks information about those "two scripts" – oeter Jan 21 '22 at 13:59
  • I'm running into his problem with a Python lambda in AWS, so this doesn't help because I don't have access to this. – sovemp Dec 22 '22 at 17:13
  • These are the FIles located in "Applications > Python 3.x > " location. Just double clicking them will run the script. https://stackoverflow.com/a/57228672/6231045 - mentions this. The commenter should have mentioned it. – Rahul Shenoy Jan 26 '23 at 06:59
26

For novice users, you can go in the Applications folder and expand the Python 3.7 folder. Now first run (or double click) the Install Certificates.command and then Update Shell Profile.command

enter image description here

Hemant
  • 4,537
  • 8
  • 41
  • 43
13
open /Applications/Python\ 3.7/Install\ Certificates.command

Try this command in terminal

Muzammil-cyber
  • 141
  • 1
  • 7
  • For me this simply yields ```ERROR: Could not install packages due to an OSError: Cannot move the non-empty directory '/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/certifi-2021.10.8.dist-info/': Lacking write permission to '/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/certifi-2021.10.8.dist-info/'.``` – eddyoc Jul 29 '22 at 04:09
  • @eddyoc Find the Certificates.command manually and run it. Hopefully, that would work – Muzammil-cyber Sep 05 '22 at 17:00
12

For anyone who is using anaconda, you would install the certifi package, see more at:

https://anaconda.org/anaconda/certifi

To install, type this line in your terminal:

conda install -c anaconda certifi
liakoyras
  • 1,101
  • 12
  • 27
Amy Mou
  • 121
  • 1
  • 3
10

If you're running on a Mac you could just search for Install Certificates.command on the spotlight and hit enter.

VIC3KING
  • 562
  • 1
  • 5
  • 11
8

Two steps worked for me : - going Macintosh HD > Applications > Python3.7 folder - click on "Install Certificates.command"

Alexis Berson
  • 81
  • 1
  • 1
7

I could find this solution and is working fine:

cd /Applications/Python\ 3.7/
./Install\ Certificates.command
Alexandre Crivellaro
  • 854
  • 8
  • 9
5

Take a look at this post, it seems like for later versions of Python, certificates are not pre installed which seems to cause this error. You should be able to run the following command to install the certifi package: /Applications/Python\ 3.6/Install\ Certificates.command

Post 1: urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error

Post 2: Airbrake error: urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

Patrick Suzuki
  • 47
  • 1
  • 5
5

I had the same error and solved the problem by running the program code below:

# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )


def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)

    print(" -- pip install --upgrade certifi")
    subprocess.check_call([sys.executable,
        "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

    import certifi

    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
        pass
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")

if __name__ == '__main__':
    main()
Milovan Tomašević
  • 6,823
  • 1
  • 50
  • 42
3

i didn't solve the problem, sadly. but managed to make to codes work (almost all of my codes have this probelm btw) the local issuer certificate problem happens under python3.7 so i changed back to python2.7 QAQ and all that needed to change including "from urllib2 import urlopen" instead of "from urllib.request import urlopen" so sad...

Catherine4j
  • 2,772
  • 2
  • 8
  • 10
3

This is the only solution that worked for me in a windows pc

pip install pip_system_certs
pip install python-certifi-win32
Tony
  • 89
  • 1
  • 3
1

Use requests library. Try this solution, or just add https:// before the URL:

import requests
from bs4 import BeautifulSoup
import re

pages = set()
def getLinks(pageUrl):
    global pages
    html = requests.get("http://en.wikipedia.org"+pageUrl, verify=False).text
    bsObj = BeautifulSoup(html)
    for link in bsObj.findAll("a", href=re.compile("^(/wiki/)")):
        if 'href' in link.attrs:
            if link.attrs['href'] not in pages:
                #We have encountered a new page
                newPage = link.attrs['href']
                print(newPage)
                pages.add(newPage)
                getLinks(newPage)
getLinks("")

Check if this works for you

Nitin
  • 246
  • 1
  • 7
1

I'm a relative novice compared to all the experts on Stack Overflow.

I have 2 versions of jupyter notebook running (one through a fresh Anaconda Navigator installation and one through ????). I think this is because Anaconda was installed as a local installation on my Mac (per Anaconda instructions).

I already had python 3.7 installed. After that, I used my terminal to open jupyter notebook and I think that it put another version globally onto my Mac.

However, I'm not sure because I'm just learning through trial and error!

I did the terminal command: 

conda install -c anaconda certifi

(as directed above, but it didn't work.)

My python 3.7 is installed on OS Catalina10.15.3 in:

  • /Library/Python/3.7/site-packages AND
  • ~/Library/Python/3.7/lib/python/site-packages

The certificate is at:

  • ~/Library/Python/3.7/lib/python/site-packages/certifi-2019.11.28.dist-info

I tried to find the Install Certificate.command ... but couldn't find it through looking through the file structures...not in Applications...not in links above.

I finally installed it by finding it through Spotlight (as someone suggested above). And it double clicked automatically and installed ANOTHER certificate in the same folder as:

  • ~/Library/Python/3.7/lib/python/site-packages/

NONE of the above solved anything for me...I still got the same error.

So, I solved the problem by:

  1. closing my jupyter notebook.
  2. opening Anaconda Navigator.
  3. opening jupyter notebook through the Navigator GUI (instead of through Terminal).
  4. opening my notebook and running the code.

I can't tell you why this worked. But it solved the problem for me.

I just want to save someone the hassle next time. If someone can tell my why it worked, that would be terrific.

I didn't try the other terminal commands because of the 2 versions of jupyter notebook that I knew were a problem. I just don't know how to fix that.

user3303164
  • 11
  • 2
0

For me the problem was that I was setting REQUESTS_CA_BUNDLE in my .bash_profile

/Users/westonagreene/.bash_profile:
...
export REQUESTS_CA_BUNDLE=/usr/local/etc/openssl/cert.pem
...

Once I set REQUESTS_CA_BUNDLE to blank (i.e. removed from .bash_profile), requests worked again.

export REQUESTS_CA_BUNDLE=""

The problem only exhibited when executing python requests via a CLI (Command Line Interface). If I ran requests.get(URL, CERT) it resolved just fine.

Mac OS Catalina (10.15.6). Pyenv of 3.6.11. Error message I was getting: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)

My answer elsewhere: https://stackoverflow.com/a/64151964/4420657

Weston Greene
  • 43
  • 2
  • 8
0

I am using Debian 10 buster and try download a file with youtube-dl and get this error: sudo youtube-dl -k https://youtu.be/uscis0CnDjk

[youtube] uscis0CnDjk: Downloading webpage ERROR: Unable to download webpage: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)> (caused by URLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)')))

Certificates with python2 and python3.8 are installed correctly, but i persistent receive the same error. finally (which is not the best solution, but works for me was to eliminate the certificate check as it is given as an option in youtube-dl) whith this command sudo youtube-dl -k --no-check-certificate https://youtu.be/uscis0CnDjk

tedy58
  • 71
  • 1
  • 5
0

I am seeing this issue on a Ubuntu 20.04 system and none of the "real fixes" (like this one) helped.

While Firefox was willing to open the site just fine neither GNOME Web (i.e. Epiphany) nor Python3 or wget were accepting the certificate. After some searching, I came across this answer on ServerFault which lists two common reasons:

  • The certificate is really signed by an unknown CA (for instance an internal CA).
  • The certificate is signed with an intermediate CA certificate from one of the well known CA's and the remote server is misconfigured in the regard that it doesn't include that intermediate CA certificate as a CA chain it's response.

You can use the Qualys SSL Labs website to check the site's certificates and if there are issues, contact the site's administrator to have it fixed.

If you really need to work around the issue right now, I'd recommend a temporary solution like Rambod's confined to the site(s) you're trying to access.

FriendFX
  • 2,929
  • 1
  • 34
  • 63
0

Make sure your websockets is >=10.0

Additional to: Install Certificates.command Update Shell Profile.command

pip3 install websockets==10.0

Ishmam Choudhury
  • 1
  • 1
0

I had the problem that python somehow was trying to use a cert.pem file that didn't exist. This can be seen by running:

import ssl
paths = ssl.get_default_verify_paths()

The openssl_cafile pointed to /etc/ssl/cert.pem which did not exist under that path.

Setting SSL_CERT_FILE to a path that does exist solved the problem:

export SSL_CERT_FILE=/etc/pki/tls/cert.pem
Tobias Domhan
  • 3,096
  • 1
  • 19
  • 12
0

''''

import pymongo

from pymongo.mongo_client import MongoClient

CONNECTION_STRING = "mongodb+srv://username:password@clustername.g3gasa2.mongodb.net/?retryWrites=true&w=majority**&ssl_cert_reqs=CERT_NONE**"

client = pymongo.MongoClient(CONNECTION_STRING )

''''

In windows I tried to connect mongodb with jupyter notebook, finally by adding &ssl_cert_reqs=CERT_NONE in my CONNECTION_STRING helped me.

This basically disables SSL certificate verification (not recommended for production)

thirukarthika nadar
  • 1
-1

This will work. Set the environment variable PYTHONHTTPSVERIFY to 0.

  • By typing linux command:
export PYTHONHTTPSVERIFY = 0

OR

  • Using in python code:
import os
os.environ["PYTHONHTTPSVERIFY"] = "0"
Saurabh
  • 71
  • 1
  • 7
-1

BTW guys if you are getting the same error using aiohttp just put verify_ssl=False argument into your TCPConnector:

import aiohttp
...

async with aiohttp.ClientSession(
    connector=aiohttp.TCPConnector(verify_ssl=False)
) as session:
    async with session.get(url) as response:
        body = await response.text()
SimfikDuke
  • 943
  • 6
  • 21
-1

You can try this:

import ssl 

ssl._create_default_https_context = ssl._create_unverified_context
ChrisGPT was on strike
  • 127,765
  • 105
  • 273
  • 257
Ecem
  • 1
  • 1
-2

I am using anaconda on windows. Was getting the same error until I tried the following;

import urllib.request
link = 'http://docs.python.org'
with urllib.request.urlopen(link) as response:
    htmlSource = response.read()

which I got from the stackoverflow thread on using urlopen:

Python urllib urlopen not working

Wayne Wignes
  • 1