1

I have a company-owned Windows machine with Python 3.11.2. Pip is version 22.3.1 (as I write this, the current version is 23.1). The local Python folder is C:\Users\{User}\AppData\Local\Programs\Python\Python311

If I try to upgrade pip or install any packages, I get an SSL Error. For example, running pip install pandas results in the following:

pip : WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate 
(_ssl.c:992)'))': /simple/pandas/
At line:1 char:1
+ pip install pandas
+ ~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (WARNING: Retryi.../simple/pandas/:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate 
(_ssl.c:992)'))': /simple/pandas/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate 
(_ssl.c:992)'))': /simple/pandas/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate 
(_ssl.c:992)'))': /simple/pandas/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 
'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate 
(_ssl.c:992)'))': /simple/pandas/
Could not fetch URL https://pypi.org/simple/pandas/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): 
Max retries exceeded with url: /simple/pandas/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify faile
d: unable to get local issuer certificate (_ssl.c:992)'))) - skipping
ERROR: Could not find a version that satisfies the requirement pandas (from versions: none)
ERROR: No matching distribution found for pandas
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max
 retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: una
ble to get local issuer certificate (_ssl.c:992)'))) - skipping
WARNING: There was an error checking the latest version of pip.

Based on other posts (sorry, I didn't keep track of all of them), I have tried a few things:

  1. Verified I can visit the above links in a browser. I think this means the administrator is not blocking access?
  2. In Environment Variables, I went into PATH and removed the trailing slash from both python folders.
  3. Per this post, I tried curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py followed by python get-pip.py and still got SSL errors.
  4. Per this post, I verified I can open a browser and visit pypi.python.org, pypi.org, and files.pythonhosted.org
  5. Per another post I lost, I went into the list of local certificates via Google but I didn't understand the instructions.
  6. I downloaded the latest certifi file from https://pypi.org/project/certifi/. However, I think it was already up to date.
  7. There are plenty of other SO posts asking the same question but I saw few with answers and they haven't worked yet.
  8. This is a company-owned work machine so the Trusted Connection flag is not a viable option.
PowerUser
  • 11,583
  • 20
  • 64
  • 98
  • 2
    Does your company use an https proxy, so SSL traffic is intercepted and then re-encrypted with a private certificate? – Balaïtous Apr 16 '23 at 23:35
  • @Balaïtous, your suggestion (or something like it) turned out to be the issue. If you want to post your comment as an answer, I'll be glad to give you credit. – PowerUser Apr 18 '23 at 15:21

1 Answers1

0

The reason this error is coming is because there is no global config file created with Python installation for pip. Run following command to check where are the config files created:

pip config -v list

Go to the global variant location and create pip.ini file there with the following information:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

Example:

C:\Users\Saurav>pip config -v list

For variant 'global', will try loading 'C:\ProgramData\pip\pip.ini'

...

Go to 'ProgramData' and create folder 'pip' and 'pip.ini'

halfer
  • 19,824
  • 17
  • 99
  • 186
Saurav Chauhan
  • 1