SSL Error (certificate verify failed) for Poetry `install`, `add`, etc.

I am on the latest Poetry version.
- Just reinstalled a fresh version with get_poetry.py using Python 3.7.1 (Logs: install_poetry.txt)
I have searched the issues of this repo and believe that this is not a duplicate.
- None of the similar issues were applicable: #680, #449, and #165
If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).
OS version and name: Windows 7
Poetry version: 0.12.10
Contents of your pyproject.toml file: pyproject.toml (*renamed to .txt to upload)
- This is the just the default from poetry new hello_world with my email address obscured

Issue

How can I point Poetry to a custom .pem certificate?

Poetry isn’t using the correct certificate when accessing pypi.org. For pip, conda, and other applications I have had to add a custom .pem file since my company uses a self-signed certificate. The pip in the virtualenv created by Poetry use the correct setting (see below: C:\\Programs\\cert\\cacert.pem), but Poetry throws an SSLError when running any action

C:\Users\king.kyle\hello_world>poetry -vvv install
Using virtualenv: C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7
Updating dependencies
Resolving dependencies...
   1: fact: hello-world is 0.1.0
   1: derived: hello-world
   1: fact: hello-world depends on pytest (^3.0)
   1: selecting hello-world (0.1.0)
   1: derived: pytest (^3.0)
   1: Version solving took 0.053 seconds.
   1: Tried 1 solutions.


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/pytest/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verif
y failed: self signed certificate in certificate chain (_ssl.c:1051)')))


Exception trace:
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in run() at line 94
   status_code = self.do_run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\application.py in do_run() at line 88
   return super(Application, self).do_run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in do_run() at line 197
   status_code = command.run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\command.py in run() at line 77
   return super(BaseCommand, self).run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\base_command.py in run() at line 146
   status_code = self.execute(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\command.py in execute() at line 107
   return self.handle()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\install.py in handle() at line 57
   return_code = installer.run()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\installation\installer.py in run() at line 76
   self._do_install(local_repo)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\installation\installer.py in _do_install() at line 158
   ops = solver.solve(use_latest=self._whitelist)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\solver.py in solve() at line 38
   packages, depths = self._solve(use_latest=use_latest)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\solver.py in _solve() at line 171
   self._package, self._provider, locked=locked, use_latest=use_latest
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\__init__.py in resolve_version() at line 7
   return solver.solve()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\version_solver.py in solve() at line 79
   next = self._choose_package_version()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\mixology\version_solver.py in _choose_package_version() at line 354
   packages = self._provider.search_for(dependency)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\puzzle\provider.py in search_for() at line 146
   allow_prereleases=dependency.allows_prereleases(),
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pool.py in find_packages() at line 65
   name, constraint, extras=extras, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in find_packages() at line 104
   info = self.get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in get_package_info() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\repository.py in remember_forever() at line 174
   val = value(callback)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\helpers.py in value() at line 6
   return val()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in <lambda>() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get_package_info() at line 232
   data = self._get("pypi/{}/json".format(name))
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get() at line 381
   json_response = self._session.get(self._url + endpoint)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in get() at line 546
   return self.request('GET', url, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in request() at line 533
   resp = self.send(prep, **send_kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in send() at line 646
   r = adapter.send(request, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachecontrol\adapter.py in send() at line 53
   resp = super(CacheControlAdapter, self).send(request, **kw)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\adapters.py in send() at line 514
   raise SSLError(e, request=request)

install [--no-dev] [--dry-run] [-E|--extras EXTRAS] [--develop DEVELOP]


(py37) C:\Users\king.kyle\hello_world>

Code

Here are the abbreviated logs from running the minimum steps to reproduce:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\king.kyle>poetry new hello_world
Created package hello_world in hello_world

C:\Users\king.kyle>cd hello_world

C:\Users\king.kyle\hello_world>poetry install
Creating virtualenv hello-world-py3.7 in C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs
Updating dependencies
Resolving dependencies...


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/pytest/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verif
y failed: self signed certificate in certificate chain (_ssl.c:1051)')))


install [--no-dev] [--dry-run] [-E|--extras EXTRAS] [--develop DEVELOP]


C:\Users\king.kyle\hello_world>poetry shell
Spawning shell within C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\king.kyle\hello_world>pip install requests
Collecting requests
  Using cached https://files.pythonhosted.org/packages/7d/e3/20f3d364d6c8e5d2353c72a67778eb189176f08e873c9900e10c0287b84b/requests-2.21.0-py2.py3-none-any.whl
Collecting chardet<3.1.0,>=3.0.2 (from requests)
  Using cached https://files.pythonhosted.org/packages/bc/a9/01ffebfb562e4274b6487b4bb1ddec7ca55ec7510b22e4c51f14098443b8/chardet-3.0.4-py2.py3-none-any.whl
Collecting urllib3<1.25,>=1.21.1 (from requests)
  Using cached https://files.pythonhosted.org/packages/62/00/ee1d7de624db8ba7090d1226aebefab96a2c71cd5cfa7629d6ad3f61b79e/urllib3-1.24.1-py2.py3-none-any.whl
Collecting certifi>=2017.4.17 (from requests)
  Downloading https://files.pythonhosted.org/packages/9f/e0/accfc1b56b57e9750eba272e24c4dddeac86852c2bebd1236674d7887e8a/certifi-2018.11.29-py2.py3-none-any.whl (154kB)
    100% |¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦| 163kB 6.8MB/s
Collecting idna<2.9,>=2.5 (from requests)
  Using cached https://files.pythonhosted.org/packages/14/2c/cd551d81dbe15200be1cf41cd03869a46fe7226e7450af7a6545bfc474c9/idna-2.8-py2.py3-none-any.whl
Installing collected packages: chardet, urllib3, certifi, idna, requests
Successfully installed certifi-2018.11.29 chardet-3.0.4 idna-2.8 requests-2.21.0 urllib3-1.24.1
You are using pip version 10.0.1, however version 18.1 is available.
You should consider upgrading via the 'python -m pip install --upgrade pip' command.

C:\Users\king.kyle\hello_world>poetry -vvv add requests
Using virtualenv: C:\Users\king.kyle\AppData\Local\pypoetry\Cache\virtualenvs\hello-world-py3.7


[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/requests/json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate ver
ify failed: self signed certificate in certificate chain (_ssl.c:1051)')))


Exception trace:
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in run() at line 94
   status_code = self.do_run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\application.py in do_run() at line 88
   return super(Application, self).do_run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\application.py in do_run() at line 197
   status_code = command.run(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\command.py in run() at line 77
   return super(BaseCommand, self).run(i, o)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\base_command.py in run() at line 146
   status_code = self.execute(input_, output_)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cleo\commands\command.py in execute() at line 107
   return self.handle()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\add.py in handle() at line 69
   packages, allow_prereleases=self.option("allow-prereleases")
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\init.py in _determine_requirements() at line 230
   requirement["name"], allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\console\commands\init.py in _find_best_version_for_package() at line 260
   name, required_version, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\version\version_selector.py in find_best_candidate() at line 29
   package_name, constraint, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pool.py in find_packages() at line 65
   name, constraint, extras=extras, allow_prereleases=allow_prereleases
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in find_packages() at line 104
   info = self.get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in get_package_info() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\repository.py in remember_forever() at line 174
   val = value(callback)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachy\helpers.py in value() at line 6
   return val()
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in <lambda>() at line 228
   name, lambda: self._get_package_info(name)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get_package_info() at line 232
   data = self._get("pypi/{}/json".format(name))
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\poetry\repositories\pypi_repository.py in _get() at line 381
   json_response = self._session.get(self._url + endpoint)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in get() at line 546
   return self.request('GET', url, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in request() at line 533
   resp = self.send(prep, **send_kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\sessions.py in send() at line 646
   r = adapter.send(request, **kwargs)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\cachecontrol\adapter.py in send() at line 53
   resp = super(CacheControlAdapter, self).send(request, **kw)
 c:\users\king.kyle\appdata\local\continuum\anaconda2\envs\py37\lib\site-packages\requests\adapters.py in send() at line 514
   raise SSLError(e, request=request)

add [-D|--dev] [--git GIT] [--path PATH] [-E|--extras EXTRAS] [--optional] [--python PYTHON] [--platform PLATFORM] [--allow-prereleases] [--dry-run] [--] <name> (<name>)...


C:\Users\king.kyle\hello_world>python -m pip config list
global.cert='C:\\Programs\\cert\\cacert.pem'
You are using pip version 10.0.1, however version 18.1 is available.
You should consider upgrading via the 'python -m pip install --upgrade pip' command.

C:\Users\king.kyle\hello_world>

Issue Analytics

State:
Created 5 years ago
Reactions:2
Comments:9 (4 by maintainers)

Top GitHub Comments

17reactions

KyleKingcommented, Dec 18, 2018

Turns out requests recognize an environment variable REQUESTS_CA_BUNDLE https://github.com/requests/requests/blob/master/requests/sessions.py#L707

Once set, Poetry worked without issue. Hopefully, this helps someone else out!

Edit: Also, Jean-Philippe summarizes this issue perfectly: https://bugs.python.org/issue28547

16reactions

danibachinicommented, Sep 21, 2022

what worked for me (MacOS): go to Applications > Python folder > double click on “Install Certificates.command” file

Top Results From Across the Web

I receive SSL CERTIFICATE_VERIFY_FAILED when doing ...

what worked for me (MacOS) go to Applications > Python folder > double click on "Install Certificates.command" file.

urllib.error.URLError: <urlopen error [SSL ... - Medium

Having certificate problems when installing Poetry (https://python-poetry.org/docs/) using the recommended way (For osx, curl -sSL https://raw.

Fixing your SSL Verify Errors in Python - Level Up Coding

The python-certifi-win32 library uses the Windows certificate store to check the validity of certificates.

urllib.error.urlerror: <urlopen error [ssl: certificate_verify_failed ...

Here are the steps for macOS: Open the folder /Applications/Python 3.x ( x is the version you are running). Double click the Install...

Repositories | Documentation | Poetry - Python dependency ...

By default, Poetry is configured to use the PyPI repository, for package installation and publishing. So, when you add dependencies to your project, ......