python-docs-samples icon indicating copy to clipboard operation
python-docs-samples copied to clipboard
verified publisher icon GoogleCloudPlatform

How to resolve ClientConnectorCertificateError?

Open jshen130 opened this issue 2 months ago • 0 comments

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

The issue you're having must be related to a file in this repository. We are unable to provide assistance for issues unrelated to samples in this repository.

Please include as much information as possible:

In which file did you encounter the issue?

cloud-sql/mysql/sqlalchemy/connect_connector.py

Did you change the file? If so, how?

No

Describe the issue

When following the local run instructions and executing python app.py, I get the error: aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host sqladmin.googleapis.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]

I followed the setup instructions as follows:

  1. If you haven't already, set up a Python Development Environment by following the python setup guide and create a project.
  • installed the python, venv, google-cloud-storage, gcloud cli
  • created a project
  1. Create a 2nd Gen Cloud SQL Instance by following these instructions. Note the connection string, database user, and database password that you create.
  • created a MySQL instance with private IP connection
  • connection string was obtained from the "Connection name" field in the instance overview
  • database user was the default 'root' user
  • database password was the generated password for 'root' user
  1. Create a database for your application by following these instructions. Note the database name.
  • created a database
  • database name is the name of the database
  1. Create a service account with the 'Cloud SQL Client' permissions by following these instructions. Download a JSON key to use to authenticate your connection.
  • created a service account through "IAM & Admin" > "Service Accounts" > "+ Create service account" with 'Cloud SQL Client' permissions and 'Cloud SQL Instance User' permissions
  • added this service account to my SQL instance in "Cloud SQL" > "Users" > "+ Add user account" > "Cloud IAM"
  • downloaded the key from the service account "Keys" tab > "Add key"

Debugging attempts: I updated openssl, certifi, urllib3 but these client side certificates were not the issue. Is there a problem with my setup of SQL instance, service account, etc?

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!

jshen130 avatar Nov 20 '25 06:11 jshen130