Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

SSL Error (certificate verify failed) for Poetry `install`, `add`, etc.

See original GitHub issue

I am on the latest Poetry version.
- Just reinstalled a fresh version with get_poetry.py using Python 3.7.1 (Logs: install_poetry.txt)
I have searched the issues of this repo and believe that this is not a duplicate.
- None of the similar issues were applicable: #680, #449, and #165
If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
OS version and name: Windows 7
Poetry version: 0.12.10
Contents of your pyproject.toml file: pyproject.toml (*renamed to .txt to upload)
- This is the just the default from poetry new hello_world with my email address obscured

Issue

How can I point Poetry to a custom .pem certificate?

Poetry isn’t using the correct certificate when accessing pypi.org. For pip, conda, and other applications I have had to add a custom .pem file since my company uses a self-signed certificate. The pip in the virtualenv created by Poetry use the correct setting (see below: C:\\Programs\\cert\\cacert.pem), but Poetry throws an SSLError when running any action

C:\Users\king.kyle\hello_world>poetry -vvv install
Using virtualenv: C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: hello-world is 0.1.0
   1: derived: hello-world
   1: fact: hello-world depends on pytest (^3.0)
   1: selecting hello-world (0.1.0)
   1: derived: pytest (^3.0)
   1: Version solving took 0.053 seconds.
   1: Tried 1 solutions.


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/pytest/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verif
y failed: self signed certificate in certificate chain (_ssl.c:1051)')))


Exception trace:
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in run() at line 94
   status_code = self.do_run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\application.py in do_run() at line 88
   return super(Application, self).do_run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in do_run() at line 197
   status_code = command.run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\command.py in run() at line 77
   return super(BaseCommand, self).run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\base_command.py in run() at line 146
   status_code = self.execute(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\command.py in execute() at line 107
   return self.handle()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\install.py in handle() at line 57
   return_code = installer.run()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\installation\installer.py in run() at line 76
   self._do_install(local_repo)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\installation\installer.py in _do_install() at line 158
   ops = solver.solve(use_latest=self._whitelist)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\solver.py in solve() at line 38
   packages, depths = self._solve(use_latest=use_latest)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\solver.py in _solve() at line 171
   self._package, self._provider, locked=locked, use_latest=use_latest
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\__init__.py in resolve_version() at line 7
   return solver.solve()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\version_solver.py in solve() at line 79
   next = self._choose_package_version()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\version_solver.py in _choose_package_version() at line 354
   packages = self._provider.search_for(dependency)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\provider.py in search_for() at line 146
   allow_prereleases=dependency.allows_prereleases(),
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pool.py in find_packages() at line 65
   name, constraint, extras=extras, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in find_packages() at line 104
   info = self.get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in get_package_info() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\repository.py in remember_forever() at line 174
   val = value(callback)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\helpers.py in value() at line 6
   return val()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in <lambda>() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get_package_info() at line 232
   data = self._get("pypi/{}/json".format(name))
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get() at line 381
   json_response = self._session.get(self._url + endpoint)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in get() at line 546
   return self.request('GET', url, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in request() at line 533
   resp = self.send(prep, **send_kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in send() at line 646
   r = adapter.send(request, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachecontrol\adapter.py in send() at line 53
   resp = super(CacheControlAdapter, self).send(request, **kw)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\adapters.py in send() at line 514
   raise SSLError(e, request=request)

install [--no-dev] [--dry-run] [-E|--extras EXTRAS] [--develop DEVELOP]


(py37) C:\Users\king.kyle\hello_world>

Code

Here are the abbreviated logs from running the minimum steps to reproduce:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\king.kyle>poetry new hello_world
Created package hello_world in hello_world

C:\Users\king.kyle>cd hello_world

C:\Users\king.kyle\hello_world>poetry install
Creating virtualenv hello-world-py3.7 in C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs
Updating dependencies
Resolving dependencies...


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/pytest/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verif
y failed: self signed certificate in certificate chain (_ssl.c:1051)')))


install [--no-dev] [--dry-run] [-E|--extras EXTRAS] [--develop DEVELOP]


C:\Users\king.kyle\hello_world>poetry shell
Spawning shell within C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\king.kyle\hello_world>pip install requests
Collecting requests
  Using cached https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests)
  Using cached https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl
Collecting urllib3<1.25,>=1.21.1 (from requests)
  Using cached https://files.pythonhosted.org/packages/62/00/ee1d7de624db8ba7090d1226aebefab96a2c71cd5cfa7629d6ad3f61b79e/urllib3-1.24.1-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests)
  Downloading https://files.pythonhosted.org/packages/9f/e0/accfc1b56b57e9750eba272e24c4dddeac86852c2bebd1236674d7887e8a/certifi-2018.11.29-py2.py3-none-any.whl (154kB)
    100% |¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦| 163kB 6.8MB/s
Collecting idna<2.9,>=2.5 (from requests)
  Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
Installing collected packages: chardet, urllib3, certifi, idna, requests
Successfully installed certifi-2018.11.29 chardet-3.0.4 idna-2.8 requests-2.21.0 urllib3-1.24.1
You are using pip version 10.0.1, however version 18.1 is available.
You should consider upgrading via the 'python -m pip install --upgrade pip' command.

C:\Users\king.kyle\hello_world>poetry -vvv add requests
Using virtualenv: C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/requests/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate ver
ify failed: self signed certificate in certificate chain (_ssl.c:1051)')))


Exception trace:
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in run() at line 94
   status_code = self.do_run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\application.py in do_run() at line 88
   return super(Application, self).do_run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in do_run() at line 197
   status_code = command.run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\command.py in run() at line 77
   return super(BaseCommand, self).run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\base_command.py in run() at line 146
   status_code = self.execute(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\command.py in execute() at line 107
   return self.handle()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\add.py in handle() at line 69
   packages, allow_prereleases=self.option("allow-prereleases")
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\init.py in _determine_requirements() at line 230
   requirement["name"], allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\init.py in _find_best_version_for_package() at line 260
   name, required_version, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\version\version_selector.py in find_best_candidate() at line 29
   package_name, constraint, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pool.py in find_packages() at line 65
   name, constraint, extras=extras, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in find_packages() at line 104
   info = self.get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in get_package_info() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\repository.py in remember_forever() at line 174
   val = value(callback)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\helpers.py in value() at line 6
   return val()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in <lambda>() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get_package_info() at line 232
   data = self._get("pypi/{}/json".format(name))
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get() at line 381
   json_response = self._session.get(self._url + endpoint)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in get() at line 546
   return self.request('GET', url, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in request() at line 533
   resp = self.send(prep, **send_kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in send() at line 646
   r = adapter.send(request, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachecontrol\adapter.py in send() at line 53
   resp = super(CacheControlAdapter, self).send(request, **kw)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\adapters.py in send() at line 514
   raise SSLError(e, request=request)

add [-D|--dev] [--git GIT] [--path PATH] [-E|--extras EXTRAS] [--optional] [--python PYTHON] [--platform PLATFORM] [--allow-prereleases] [--dry-run] [--] <name> (<name>)...


C:\Users\king.kyle\hello_world>python -m pip config list
global.cert='C:\\Programs\\cert\\cacert.pem'
You are using pip version 10.0.1, however version 18.1 is available.
You should consider upgrading via the 'python -m pip install --upgrade pip' command.

C:\Users\king.kyle\hello_world>

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:9 (4 by maintainers)

Top GitHub Comments

17reactions

KyleKingcommented, Dec 18, 2018

Turns out requests recognize an environment variable REQUESTS_CA_BUNDLE https://github.com/requests/requests/blob/master/requests/sessions.py#L707

Once set, Poetry worked without issue. Hopefully, this helps someone else out!

Edit: Also, Jean-Philippe summarizes this issue perfectly: https://bugs.python.org/issue28547

16reactions

danibachinicommented, Sep 21, 2022

what worked for me (MacOS): go to Applications > Python folder > double click on “Install Certificates.command” file

Top Results From Across the Web

I receive SSL CERTIFICATE_VERIFY_FAILED when doing ...

what worked for me (MacOS) go to Applications > Python folder > double click on "Install Certificates.command" file.

urllib.error.URLError: <urlopen error [SSL ... - Medium

Having certificate problems when installing Poetry (https://python-poetry.org/docs/) using the recommended way (For osx, curl -sSL https://raw.

Fixing your SSL Verify Errors in Python - Level Up Coding

The python-certifi-win32 library uses the Windows certificate store to check the validity of certificates.

urllib.error.urlerror: <urlopen error [ssl: certificate_verify_failed ...

Here are the steps for macOS: Open the folder /Applications/Python 3.x ( x is the version you are running). Double click the Install...

Repositories | Documentation | Poetry - Python dependency ...

By default, Poetry is configured to use the PyPI repository, for package installation and publishing. So, when you add dependencies to your project, ......