certificate verify failed: unable to get local issuer certificate python requests

Question

I am trying to to a very simple python request using requests.get but am getting the following error using this code:

url = 'https://www.tesco.com/'
status = requests.get(url)

The error:

requests.exceptions.SSLError: HTTPSConnectionPool(host='www.tesco.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))

Can anyone explain to me how to fix this and more importantly what the error means?

Many Thanks

Dean Van Greunen · Answer 1 · 2023-08-01T14:07:43.627

16

Explanation

The errors is caused by an invalid or expired SSL Certificate

When making a GET request to a server such as www.tesco.com you have 2 options, an http and an https, in the case of https the server will provide your requestor (your script) with an SSL certificate which allows you to verify that you are connecting to a legitimate website, also this helps secure and encrypt the data being transfered between your script and the server

Solution

Just disable the SSL check

url = 'https://www.tesco.com/'
requests.get(url, verify=False)

OR

Use Session and Disable the SSL Cert Check

import requests, os

url = 'https://www.tesco.com/'

# Use Session and Disable the SSL Cert Check
session = requests.Session()
session.verify = False
session.trust_env = False
session.get(url=url)

Extra Info 1

Ensure the date and time is set correctly, as the request library checks the valid date range that the SSL certificate is valid in compared to your local date and time. as this is sometimes a common issue

Extra Info 2

You may need to get the latest updated Root CA Certificates installed on your machine Download Here

Secrity Notice

it is discouraged to use verify=false as its a security risk. meaning that you browser or script can not verify that the data received from the website/url is actually from them (the site you are requesting)

edited Aug 01 '23 at 14:07

answered Apr 22 '22 at 17:46

Dean Van Greunen

5,060
2
14
28

@geds133 if this answer solves your problem, please upvote and mark it as the answer – Dean Van Greunen Apr 22 '22 at 17:49
4

Apparently according to the docs, this is strongly discouraged.. – geds133 Apr 22 '22 at 17:54
@geds133 it is, but you know what you're connecting to. see my post for an edit. – Dean Van Greunen Apr 22 '22 at 17:55
Yes but if I connect to another website this may not be the case. – geds133 Apr 22 '22 at 17:56
check your local date and time is correct – Dean Van Greunen Apr 22 '22 at 17:56
Date and time seem fine. This happens with a few other websites too but not all – geds133 Apr 22 '22 at 18:00
@geds133 please see my edit, I suggest you download and install the new CA root SSL Certicates – Dean Van Greunen Apr 22 '22 at 18:03
download it from [here](https://www.entrust.com/resources/certificate-solutions/tools/root-certificate-downloads) – Dean Van Greunen Apr 22 '22 at 18:04
1

Could this have anything to do with using a VPN? – geds133 Apr 25 '22 at 09:06
perhaps, but i doubt that a VPN would cause this, maybe if you had a proxy on the system – Dean Van Greunen Apr 25 '22 at 12:25
2

requests.get(url, verify=False) this worked for me! many thanks! – lam vu Nguyen Jul 31 '22 at 08:39
1

Crystal clear explanation. Solved my issue! – yusuzech Nov 22 '22 at 02:31
1

@DeanVanGreunen I have reviewed this. I would be happy to accept this answer if you add a clear cavear to the answer that the documentation strongly discourage `verify=False` on security grounds. I would not want users have secuirity issues without full knowledge. – geds133 Aug 01 '23 at 09:40

Abraham Setiawan · Answer 2 · 2022-04-22T18:02:47.807

Paraphrasing similar post to your specific question.

Response 403 means forbidden, in other words, the website understands the request but doesn't allow access. It could be a security measure to prevent scraping.

As a workaround, you can add a header in your request so that the code acts as if you're accessing it using a web browser.

url = "https://www.tesco.com"
headers = {'user-agent': 'Safari/537.36'}

response = requests.get(url, headers=headers)
print(response)

You should get response 200.

'user-agent' in the headers makes it seem that you're accessing through a Safari browser.

certificate verify failed: unable to get local issuer certificate python requests

2 Answers2

Explanation

Solution

OR

Extra Info 1

Extra Info 2

Secrity Notice

Linked

Related