Troubleshooting SSL Errors with Brew-Installed Python 3.6.1
Have you encountered the frustrating "ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" error while using Python 3.6.1 installed via Homebrew? This common issue arises when your Python installation lacks the necessary certificates for secure HTTPS communication. Let's delve into the problem and discover effective solutions.
Understanding the Issue
Python relies on a set of trusted certificates to verify the authenticity of websites you access. When you use the urllib module to fetch content over HTTPS, Python checks the website's certificate against its trusted list. If the certificate is missing or deemed invalid, the SSL: CERTIFICATE_VERIFY_FAILED error pops up.
Brew Install and Certificate Challenges
The issue specifically arises with Python 3.6.1 installed via brew install python3. Unlike traditional .pkg installations, where you manually run an Install Certificates.command script, Homebrew doesn't automatically handle this step. This leads to a missing or outdated certificate database, causing the error.
Solutions
Here are two common solutions to overcome this challenge:
1. Install the certifi Package:
This approach is the recommended and most reliable method. The certifi package provides a comprehensive set of trusted certificates. To install it:
pip install certifi
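Then, you can use the following code to make certifi's CA bundle the trust store for Python's default HTTPS context:
import certifi
import ssl
# Default HTTPS contexts now verify server certificates against certifi's CA bundle.
# ssl._create_unverified_context and ssl._create_stdlib_context must not be
# assigned here: both return contexts with certificate verification turned off.
ssl._create_default_https_context = lambda: ssl.create_default_context(cafile=certifi.where())
This snippet ensures Python uses certifi for certificate verification.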
2. Manually Install Certificates (Deprecated):
This method involves manually downloading and installing certificates. While it might work, it's less recommended due to potential compatibility and security issues.
Here's how to do it:
- Download the latest CA Bundle: You can obtain the latest certificate bundle from sites like Mozilla.
- Place the Bundle: Copy the downloaded certificate file (usually a *.pem file) to your Python installation's site-packages/certifi folder.
Additional Notes:
- Environment Variables: If you're using a virtual environment, remember to activate it before installing certifi or placing the certificate bundle.
- Certificate Expiration: Certificates expire. Always keep your certificate database updated. Regularly update certifi using pip install --upgrade certifi or download fresh certificates.
- SSL Verification: While using ssl._create_unverified_context can temporarily resolve the error, it's crucial to understand its implications. Disabling verification weakens your security. Ensure you are connecting to trusted websites and that your code doesn't rely on insecure connections.
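A quick check of the two points above: where this interpreter looks for CA certificates, and what the unverified context actually switches off. This is an added example, not part of the original article; the function names are hypothetical, and certifi is used only if it is installed.

```python
import os
import ssl

try:
    import certifi  # third-party; used only if installed
except ImportError:
    certifi = None


def default_trust_store():
    """Where this interpreter's OpenSSL looks for CA certificates by default."""
    paths = ssl.get_default_verify_paths()
    return {
        "expected_cafile": paths.openssl_cafile,   # compiled-in location
        "cafile_found": paths.cafile is not None,  # None when the file is missing
        "capath_found": paths.capath is not None,  # None when the directory is missing
        "SSL_CERT_FILE": os.environ.get(paths.openssl_cafile_env),
    }


def verifying_context():
    """Verifying client context; trusts certifi's bundle when certifi is present."""
    cafile = certifi.where() if certifi is not None else None
    return ssl.create_default_context(cafile=cafile)


def audit(ctx):
    """Summarise the two checks that protect an HTTPS connection."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
    }


def compare():
    """Audit the certifi-backed context next to the unverified one."""
    return {
        "verified": audit(verifying_context()),
        "unverified": audit(ssl._create_unverified_context()),
    }


if __name__ == "__main__":
    print(default_trust_store())
    print(compare())
```

If cafile_found and capath_found are both False, the interpreter has no default trust store, which is the condition behind the CERTIFICATE_VERIFY_FAILED error described in this article.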
Conclusion
By understanding the source of the ssl.SSLError: CERTIFICATE_VERIFY_FAILED error, you can effectively fix it using either the certifi package or manual certificate installation. Remember to prioritize a secure environment and avoid disabling SSL verification unless absolutely necessary.