SSL certificate verify failed for Let's Encrypt certificate

[jangxx]

trafficstars

If I run the following code in Pythonista:

import requests

requests.get("https://literalchaos.de")

I get a CERTIFICATE_VERIFY_FAILED error with the following trace:

Traceback (most recent call last):
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/connectionpool.py", line 560, in urlopen
    body=body, headers=headers)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/connectionpool.py", line 785, in _validate_conn
    conn.connect()
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/connection.py", line 253, in connect
    ssl_version=resolved_ssl_version)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/util/ssl_.py", line 306, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/ssl.py", line 402, in wrap_socket
    _context=self, _session=session)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/ssl.py", line 809, in _init_
    self.do_handshake()
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/ssl.py", line 1062, in do_handshake
    self._sslobj.do_handshake()
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/ssl.py", line 684, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/adapters.py", line 377, in send
    timeout=timeout
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/packages/urllib3/connectionpool.py", line 589, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/private/var/mobile/Containers/Shared/AppGroup/7A08F46C-7565-497E-A237-5E09C5284D6F/Pythonista3/Documents/test.py", line 3, in <module>
    req = requests.get("https://literalchaos.de")
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/api.py", line 68, in get
    return request('get', url, params=params, **kwargs)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/api.py", line 54, in request
    return session.request(method=method, url=url, **kwargs)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/sessions.py", line 469, in request
    resp = self.send(prep, **send_kwargs)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/sessions.py", line 577, in send
    r = adapter.send(request, **kwargs)
  File "/var/containers/Bundle/Application/4CD5E048-4218-4FB2-AF4A-89CFE5A5D86C/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/site-packages/requests/adapters.py", line 448, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Accessing the same page in a browser or in curl works of course and accessing other https URLs also works, so this seems to be a problem related to Pythonistas handling of certain SSL certificates.

[cclauss]

Is it a Pythonista problem or a problem with the version of requests that Pythonista bundles?

>>> import requests
>>> requests.__version__
'2.9.1'

The current version of requests is 2.26.0. If you downgrade the version of requests on your desktop/laptop, will you get the same results as Pythonista?

[jangxx]

Seems to be an issue with the version of requests, as I can replicate the issue on my PC with version 2.9.1. Maybe I could try to update requests in Pythonista and see if that fixes anything.

[jangxx]

Okay, with the latest version it actually works, but I would still leave this issue open, since the bundled version should be updated if it is this far out of date I think.

[migracing]

I’m having the same issue. Please update bundled version.

[cclauss]

Is https://pyto.app a workaround?

[migracing]

Thanks for the tip. Yes, it does work. That app actually has lots of potential. I’m just noticing it’s a bit unstable. I’m running a script from the shortcuts app using a callback and it crashes every time. I found a workaround to that issue, but i would prefer pythonista since it’s so stable. They just need to update the modules.

[cclauss]

The advantage of Pyto is that it is open source so if you have a fix for the instability, that would help a lot of people.

[thewellington]

This needs fixing

[danielgen]

This issue is possibly related to this one: https://github.com/omz/Pythonista-Issues/issues/652

[eve-tongue]

How could I update requests on pythonista3 ?

[TekyTech]

I seem to have the same issue with SSL certificate errors in Pythonista?

I tried the simplest code to retrieve a small plain text web page. I tried the same code on iPhone in Pythonista and in Pyto. Tried many other pages too.

Pyto works fine every time.

Pythonista fails with error message on some web sites but not others.

I think I’ve identified a pattern. Pythonista breaks on web sites with Let’s Encrypt SSL Certificate.

Even stranger behavior is that some pages fail on some days but the very same pages seem to return no errors on another day when I tested again. And back to errors again a day later.

I contacted omz-software (omz:software) support a few days ago but haven’t heard from them yet.

The script is extremely simple:

with urllib.request.urlopen(URL) as response:
    html = response.read()

The error I get:

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

/var/containers/Bundle/Application/08EAF123-C40E-4CCA-98BE-395691A7AC9D/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/urllib/request.py", line 1321, in do_open

var/containers/Bundle/Application/08EAF123-C40E-4CCA-98BE-395691A7AC9D/Pythonista3.app/Frameworks/Py3Kit.framework/pylib/urllib/request.py", line 1362, in https_open context=self._context, check_hostname=self._check_hostname)

I also posted it here in case if anybody responds there first.