0

I have a Python program to verify website's SSL certificates. Suddenly it has stopped working for one specific domain, not sure why.

>>> import datetime, smtplib, time
>>> 
>>> context = ssl.create_default_context()
>>> hostname='javastring.net'
>>> sock = port = '443'
>>> sock = socket.create_connection((hostname, port))
>>> ssock = context.wrap_socket(sock, server_hostname = hostname)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)
>>> hostname='journaldev.com'
>>> sock = port = '443'
>>> sock = socket.create_connection((hostname, port))
>>> ssock = context.wrap_socket(sock, server_hostname = hostname)
>>>

As you can see, ssock is throwing error for javastring.net whereas it's working fine for journaldev.com. The domain SSL is issued couple of days back from Let's Encrypt and since then I have been facing this issue.

Any help?

Pankaj
  • 5,132
  • 3
  • 28
  • 37
  • In short: improper setup of the server, missing chain certificates. See [SSLLabs report](https://www.ssllabs.com/ssltest/analyze.html?d=javastring.net): *"This server's certificate chain is incomplete"*. – Steffen Ullrich May 22 '22 at 09:51
  • Oh, so that's the issue. Thanks for the comment, I fixed the server chain and the issue is solved now. – Pankaj May 22 '22 at 11:56

0 Answers0