Keep getting ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)


Hello, I am using kafka-python>=2.0.1 (with Python 3.7.6 on Mac OS X, build from the Python website). It generally works fine, but when I tried to access our broker, which has SSL auth, I get the above error. It happens if I enable SSL with my certificates. I’m sure that there’s one that is self-signed internally in my company.

return KafkaProducer(
    bootstrap_servers=self.bootstrap_servers,
    acks='all',
    compression_type=None,
    retries=5,
    batch_size=16384 * 5,
    max_block_ms=5000,
    retry_backoff_ms=100 * 10,
    linger_ms=5,
    client_id='data-importer',
    security_protocol='SSL',
    ssl_check_hostname=True,
    api_version=(0, 20),
    ssl_cafile=rel_to(__file__, '../kafkakeys/KafkaClientCAChain.pem'),
    ssl_certfile=rel_to(__file__, '../kafkakeys/certificate.pem'),
    ssl_keyfile=rel_to(__file__, '../kafkakeys/key.pem'),
)

With this, when sending a message, it gets stuck in a loop and prints:

Traceback (most recent call last):
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/producer/sender.py", line 60, in run
    self.run_once()
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/producer/sender.py", line 160, in run_once
    self._client.poll(timeout_ms=poll_timeout_ms)
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/client_async.py", line 600, in poll
    self._poll(timeout / 1000)
  File "/Users/d-----i/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/client_async.py", line 646, in _poll
    conn.connect()
  File "/Users/d-----i/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/conn.py", line 426, in connect
    if self._try_handshake():
  File "/Users/-----i/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/conn.py", line 505, in _try_handshake
    self._sock.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1076)
ERROR:kafka.producer.sender:Uncaught error in kafka producer I/O thread
Traceback (most recent call last):
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/producer/sender.py", line 60, in run
    self.run_once()
  File "/Users/-----dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/producer/sender.py", line 160, in run_once
    self._client.poll(timeout_ms=poll_timeout_ms)
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/client_async.py", line 580, in poll
    self._maybe_connect(node_id)
  File "/Users/=------/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/client_async.py", line 390, in _maybe_connect
    conn.connect()
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/conn.py", line 426, in connect
    if self._try_handshake():
  File "/Users/-----/dev/prj/data-importer-python/.venv/lib/python3.7/site-packages/kafka/conn.py", line 505, in _try_handshake
    self._sock.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1139, in do_handshake
    self._sslobj.do_handshake()
OSError: [Errno 0] Error

To solve this I tried a number of Python installations (provided by brew, pyenv and eventually the installer from the Python website). I tried to fix the issue by running Install Certificates.command, which reinstalls the certificates, but it keeps doing so.

If I remove ssl_cafile and ssl_certfile (or just one of the two, leaving ssl_keyfile) it will stop giving that exception, but will just die with

kafka.errors.KafkaTimeoutError: KafkaTimeoutError: Failed to update metadata after 5.0 secs.

Can anyone help please?

Issue Analytics

  • State: open
  • Created 4 years ago
  • Comments: 11

Top GitHub Comments

5 reactions
abiodunjames commented, Feb 7, 2021

I’m currently using the sslcontext as a workaround


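import ssl

cert = "user.crt"
key = "user.key"
context = ssl.create_default_context()
# Client certificate and key presented to the broker
context.load_cert_chain(certfile=cert, keyfile=key)
# Workaround: hostname checking and certificate verification are switched off,
# so the broker's certificate is accepted without being validated.
# check_hostname must be set to False before verify_mode can be CERT_NONE.
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
self.ssl_context = context
self.security_protocol = "SSL"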

1 reaction
dechoma commented, Sep 14, 2021

It is significant where you get your ssl_cafile from.

When I was using ca.crt (from user’s secret) as ssl_cafile, I got the error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain. When I switched to the ca.crt from secret cluster-ca-cert, it worked like a charm.
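
Added example, not part of the thread and not kafka-python code: a probe that handshakes with the broker once per candidate CA file while keeping verification on, which tells two ca.crt files like the ones in the comment above apart without falling back to CERT_NONE. Host, port and file paths are supplied by the caller; the function names are this example's own.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* numbers, exposed as SSLCertVerificationError.verify_code
HINTS = {
    18: "broker certificate is itself self-signed and is not in the CA file",
    19: "chain ends in a self-signed root that is not in the CA file",
    20: "issuer of the broker certificate is not in the CA file",
    62: "chain is trusted but the certificate does not name this host",
}

def verified_context(cafile=None, certfile=None, keyfile=None):
    """Client context with chain and hostname checks left on.
    cafile=None falls back to the system trust store."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    if certfile:  # client certificate, for brokers that require mutual TLS
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx

def explain(code):
    return HINTS.get(code, "X509_V_ERR code %d, see OpenSSL verify docs" % code)

def probe(host, port, cafile, certfile=None, keyfile=None, timeout=5.0):
    """Handshake trusting only `cafile`; verification is never disabled."""
    ctx = verified_context(cafile, certfile, keyfile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"cafile": cafile, "ok": True, "detail": tls.version()}
    except ssl.SSLCertVerificationError as exc:
        return {"cafile": cafile, "ok": False, "code": exc.verify_code,
                "detail": explain(exc.verify_code)}

def first_trusted(host, port, candidates, **client_cert):
    """Return the first CA file that verifies the broker, or None."""
    for cafile in candidates:
        if probe(host, port, cafile, **client_cert)["ok"]:
            return cafile
    return None

if __name__ == "__main__":
    if len(sys.argv) < 4:
        print("usage: probe.py HOST PORT CAFILE [CAFILE ...]")
    else:
        for ca in sys.argv[3:]:
            print(probe(sys.argv[1], int(sys.argv[2]), ca))
```

The file that comes back with ok set to True is the one to pass as ssl_cafile, with ssl_check_hostname left at True.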
