How to Fix “SSL: CERTIFICATE_VERIFY_FAILED” Error in Python?
Are you a Python developer? If affirmative, you must have encountered the certificate_verify_failed error while making HTTPS requests in Python.
Although the procedure for rectifying this Python error is relatively straightforward, many individuals still lack the knowledge of how to resolve it.
In an effort to aid those individuals who are grappling with this error, we will explore the SSL certificate_verify_failed error in Python, the possible reasons behind this error, and a couple of quick steps to fix them.
At CheapSSLWEB – Trusted SSL/TLS Certs Starts at Just $3.99/yr
What is the CERTIFICATE_VERIFY_FAILED error in Python?
The CERTIFICATE_VERIFY_FAILED error is a type of standard SSL error that users using a Python environment usually face. The error occurs when making HTTPS requests using the requests module in Python.
When the client’s browser affirms that the SSL certificate is valid and authentic, it establishes the connection. But, if the client cannot confirm the server’s originality through the Secure Socket Layer certificate, the certificate_verify_failed error will pop up.
Why do the Python request SSL Certificate_Verify_Failed Errors occur?
There are “n” number of causes that can act as the reason behind the occurrence of the python requests ssl certificate_verify_failed error. Here are three of the most expected reasons:
Expired or Invalid SSL Certificate
An SSL certificate is issued for a particular period and must be renewed occasionally. If the SSL certificate has expired or is invalid, the client cannot verify it, resulting in the ssl certificate_verify_failed Python error. (The client also checks the Certificate Revocation list, and if it finds the certificate, it stops communication.)
The issue with the SSL Certificate Chain
An SSL certificate chain is a hierarchy of trust consisting of a Root certificate, Intermediate, and leaf certificates. There can be more than one intermediate certificate that links the leaf certificate with the Root certificate to protect the Root certificate and establish the chain of trust.
The chain confirms the genuineness of the SSL certificate submitted by the server. If the SSL certificate chain is broken or incomplete, the client cannot verify the SSL certificate, resulting in the certificate_verify_failed error. (Assuming the chain has a leaf and intermediate certificates, but the Root certificate is missing)
Obsolete Python Default Certificates
The default certificates with the Python installation may not be updated with the latest Root certificates. Because of this, the client may fail, resulting in the client failing to verify the SSL certificate presented by the server.
How to Resolve SSL ‘Certificate_Verify_Failed’ Error?
Follow below different ways to get rid of this issue.
Creating an SSL Context without Certificate Verification
Let me forewarn you that using an SSL context without certificate verification can leave your connection vulnerable to cyber threats and attacks, such as man-in-the-middle.
If you still desire to proceed even after this forewarning, creating an SSL context without certificate verification is possible using the create_unverified_context() function from the Python SSL module.
To accomplish this, use the command given below:
import ssl
context = ssl._create_unverified_context()
urllib.request.urlopen(req,context=context)
Creating an SSL Context without HTTPS Certificate Verification
The server’s SSL certificate is verified by default when making an HTTPS request in Python.
To revise this, we can make an SSL context without HTTPS certificate verification using the create_default_https_context() and _create_unverified_context() functions from the SSL module in Python.
To accomplish this, use the command given below:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context urllib2.urlopen(“https://google.com”).read()
Updating the SSL Certificate Bundle using PIP
We can update our SSL certificate bundle using PIP to fix this error. PIP is a package installer for Python that authorizes the installation and handling of Python packages.
The certifi package is a Python package that provides a collection of SSL certificates. By installing and upgrading the certifi package, we can update our system’s SSL certificate directory and ensure it includes the latest SSL certificates.
To accomplish this, use the command given below:
pip install –upgrade certifi
Using the Requests Module and Setting SSL Verification to False
Another method to resolve the Python requests SSL certificate_verify_failed error is by using the requests library in Python and disabling SSL verification by changing the “verify” parameter to False.
To accomplish this, use the command given below:
requests.get(url, headers=Hostreferer,verify=False)
The certificate_verify_failed error occurs when the client cannot verify the server’s SSL certificate. The error can be caused due to an expired or invalid SSL certificate, issues with the SSL certificate chain, or obsolete Python default certificates.
To resolve this error, one can create an SSL context without certificate verification and HTTPS, update the cert bundle using PIP, or use the requests module and set SSL verification to false.