PyMongo [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

Question

I'm using Python 3.9.5 and PyMongo 3.11.4. The version of my MongoDB database is 4.4.6. I'm using Windows 8.1

I'm learning MongoDB and I have a cluster set up in Atlas that I connect to. Whenever I try to insert a document into a collection, a ServerSelectionTimeoutError is raised, and inside its parentheses there are several [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate.

Troubleshooting TLS Errors in the PyMongo docs weren't too much help as they only provided tips for Linux and macOS users.

It's worth mentioning that if I set tlsAllowInvalidCertificates=True when initializing my MongoClient, everything works fine. That sounds insecure, and while I am working on a small project, I would still like to develop good habits and not override any security measures in place, so I'm hoping there is an alternative to that.

From all the searching I've done, I'm guessing that I'm missing certain certificates, or that Python can't find them. I've looked into the certifi package, but this part of the docs makes it seem that should only be necessary if I'm using Python 2.x, which I'm not.

So yeah, I'm kind of stuck right now.

Answer 1

Well, I eventually decided to install certifi and it worked.

client = MongoClient(CONNECTION_STRING, tlsCAFile=certifi.where())

Wish the docs were a bit clearer on this, but maybe I just didn't look hard enough.

Answer 2

In Flask server I solved by using:

import certifi

app = Flask(__name__)
app.config['MONGO_URI'] = 
'mongodb+srv://NAME:<PWD><DBNAME>.9xxxx.mongodb.net/<db>? retryWrites=true&w=majority' 
mongo = PyMongo(app,tlsCAFile=certifi.where())
collection_name = mongo.db.collection_name
 

Answer 3

By default, pymongo relies on the operating system’s root certificates. You need to install certifi:

pip install certifi

It could be that Atlas itself updated its certificates or it could be that something on your OS changed. “certificate verify failed” often occurs because OpenSSL does not have access to the system’s root certificates or the certificates are out of date. For how to troubleshoot see TLS/SSL and PyMongo — PyMongo 3.12.0 documentation 107.

So try:

client = pymongo.MongoClient(connection, tlsCAFile=certifi.where())

Answer 4

I saw an answer that worked for me, it appears i had not yet installed the python certificates on my mac, so from the following path i went and installed it

/Applications/Python 3.10/Install Certificates.command

Only change the version of your python, after that everything, worked fine for me

PS: I had been trying to solve the problem for half a day, I even asked ChatGPT

Answer 5

Step 1:

pip install certifi

Step 2:

client = pymongo.MongoClient(connection, tlsCAFile=certifi.where())

Answer 6

Add

ssl=true&ssl_cert_reqs=CERT_NONE

after db name of your url string works fine

"mongodb+srv://username:Password@cluster0-gbdot.mongodb.net/DbName?**ssl=true&ssl_cert_reqs=CERT_NONE**&retryWrites=true&w=majority"

Answer 7

This happens in django as well just add the above code to your settings.py in Django:

DATABASE = {
'default': {
'ENGINE': 'djongo',
 "CLIENT": {
           "name": <your_database_name>,
           "host": <your_connection_string>,
           "username": <your_database_username>,
           "password": <your_database_password>,
           "authMechanism": "SCRAM-SHA-1",
        },
    }
}

But in host you may get this issue:

"pymongo.errors.ServerSelectionTimeoutError:"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)

So for this you can add:

"mongodb+srv://sampleUser:samplePassword@cluster0-gbdot.mongodb.net/sampleDB??ssl=true&ssl_cert_reqs=CERT_NONE&retryWrites=true&w=majority"