streamrip
streamrip copied to clipboard
nathom
[BUG] ClientConnectorCertificateError
Describe the bug
I can no longer rip tracks from Qobuz with the latest version, even after a clean installation of streamrip.
Command Used
rip url https://www.qobuz.com/nz-en/album/deep-in-your-love-alok-bebe-rexha/hk23zcx2bcgmc
Debug Traceback
[17:16:25] INFO App id/secrets not found, fetching qobuz.py:157
╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/aiohttp/connecto │
│ r.py:992 in _wrap_create_connection │
│ │
│ 989 │ │ │ async with ceil_timeout( │
│ 990 │ │ │ │ timeout.sock_connect, ceil_threshold=timeout.ceil_threshold │
│ 991 │ │ │ ): │
│ ❱ 992 │ │ │ │ return await self._loop.create_connection(*args, **kwargs) │
│ 993 │ │ except cert_errors as exc: │
│ 994 │ │ │ raise ClientConnectorCertificateError(req.connection_key, exc) from exc │
│ 995 │ │ except ssl_errors as exc: │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/asyncio/base_events.py:1112 in │
│ create_connection │
│ │
│ ... 2 frames hidden ... │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/asyncio/sslproto.py:556 in │
│ _do_handshake │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py:979 in do_handshake │
│ │
│ 976 │ │
│ 977 │ def do_handshake(self): │
│ 978 │ │ """Start the SSL/TLS handshake.""" │
│ ❱ 979 │ │ self._sslobj.do_handshake() │
│ 980 │ │
│ 981 │ def unwrap(self): │
│ 982 │ │ """Start the SSL shutdown handshake.""" │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed
certificate in certificate chain (_ssl.c:1002)
The above exception was the direct cause of the following exception:
╭─────────────────────────────── Traceback (most recent call last) ────────────────────────────────╮
│ /Library/Frameworks/Python.framework/Versions/3.11/bin/rip:8 in <module> │
│ │
│ 5 from streamrip.rip import rip │
│ 6 if __name__ == '__main__': │
│ 7 │ sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) │
│ ❱ 8 │ sys.exit(rip()) │
│ 9 │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/click/core.py:11 │
│ 57 in __call__ │
│ │
│ ... 20 frames hidden ... │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/aiohttp/connecto │
│ r.py:1204 in _create_direct_connection │
│ │
│ 1201 │ │ │ ) │
│ 1202 │ │ │ │
│ 1203 │ │ │ try: │
│ ❱ 1204 │ │ │ │ transp, proto = await self._wrap_create_connection( │
│ 1205 │ │ │ │ │ self._factory, │
│ 1206 │ │ │ │ │ host, │
│ 1207 │ │ │ │ │ port, │
│ │
│ /Library/Frameworks/Python.framework/Versions/3.11/lib/python3.11/site-packages/aiohttp/connecto │
│ r.py:994 in _wrap_create_connection │
│ │
│ 991 │ │ │ ): │
│ 992 │ │ │ │ return await self._loop.create_connection(*args, **kwargs) │
│ 993 │ │ except cert_errors as exc: │
│ ❱ 994 │ │ │ raise ClientConnectorCertificateError(req.connection_key, exc) from exc │
│ 995 │ │ except ssl_errors as exc: │
│ 996 │ │ │ raise ClientConnectorSSLError(req.connection_key, exc) from exc │
│ 997 │ │ except OSError as exc: │
╰──────────────────────────────────────────────────────────────────────────────────────────────────╯
ClientConnectorCertificateError: Cannot connect to host play.qobuz.com:443 ssl:True
[SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self
signed certificate in certificate chain (_ssl.c:1002)')]
Config File
[downloads]
# Folder where tracks are downloaded to
folder = "/Users/kenji/StreamripDownloads"
# Put Qobuz albums in a 'Qobuz' folder, Tidal albums in 'Tidal' etc.
source_subdirectories = false
# Download (and convert) tracks all at once, instead of sequentially.
# If you are converting the tracks, or have fast internet, this will
# substantially improve processing speed.
concurrency = true
# The maximum number of tracks to download at once
# If you have very fast internet, you will benefit from a higher value,
# A value that is too high for your bandwidth may cause slowdowns
# Set to -1 for no limit
max_connections = 6
# Max number of API requests per source to handle per minute
# Set to -1 for no limit
requests_per_minute = 60
[qobuz]
# 1: 320kbps MP3, 2: 16/44.1, 3: 24/<=96, 4: 24/>=96
quality = 3
# This will download booklet pdfs that are included with some albums
download_booklets = true
# Authenticate to Qobuz using auth token? Value can be true/false only
use_auth_token = true (used false as well)
# Enter your userid if the above use_auth_token is set to true, else enter your email
email_or_userid = "REDACTED"
# Enter your auth token if the above use_auth_token is set to true, else enter the md5 hash of your plaintext password
password_or_token = "REDACTED"
# Do not change
app_id = ""
# Do not change
secrets = []
[tidal]
# 0: 256kbps AAC, 1: 320kbps AAC, 2: 16/44.1 "HiFi" FLAC, 3: 24/44.1 "MQA" FLAC
quality = 3
# This will download videos included in Video Albums.
download_videos = true
# Do not change any of the fields below
user_id = ""
country_code = ""
access_token = ""
refresh_token = ""
# Tokens last 1 week after refresh. This is the Unix timestamp of the expiration
# time. If you haven't used streamrip in more than a week, you may have to log
# in again using `rip config --tidal`
token_expiry = ""
[deezer]
# 0, 1, or 2
# This only applies to paid Deezer subscriptions. Those using deezloader
# are automatically limited to quality = 1
quality = 2
# An authentication cookie that allows streamrip to use your Deezer account
# See https://github.com/nathom/streamrip/wiki/Finding-Your-Deezer-ARL-Cookie
# for instructions on how to find this
arl = ""
# This allows for free 320kbps MP3 downloads from Deezer
# If an arl is provided, deezloader is never used
use_deezloader = true
# This warns you when the paid deezer account is not logged in and rip falls
# back to deezloader, which is unreliable
deezloader_warnings = true
[soundcloud]
# Only 0 is available for now
quality = 0
# This changes periodically, so it needs to be updated
client_id = ""
app_version = ""
[youtube]
# Only 0 is available for now
quality = 0
# Download the video along with the audio
download_videos = false
# The path to download the videos to
video_downloads_folder = "/Users/kenji/StreamripDownloads/YouTubeVideos"
[database]
# Create a database that contains all the track IDs downloaded so far
# Any time a track logged in the database is requested, it is skipped
# This can be disabled temporarily with the --no-db flag
downloads_enabled = true
# Path to the downloads database
downloads_path = "/Users/kenji/Library/Application Support/streamrip/downloads.db"
# If a download fails, the item ID is stored here. Then, `rip repair` can be
# called to retry the downloads
failed_downloads_enabled = true
failed_downloads_path = "/Users/kenji/Library/Application Support/streamrip/failed_downloads.db"
# Convert tracks to a codec after downloading them.
[conversion]
enabled = false
# FLAC, ALAC, OPUS, MP3, VORBIS, or AAC
codec = "ALAC"
# In Hz. Tracks are downsampled if their sampling rate is greater than this.
# Value of 48000 is recommended to maximize quality and minimize space
sampling_rate = 48000
# Only 16 and 24 are available. It is only applied when the bit depth is higher
# than this value.
bit_depth = 24
# Only applicable for lossy codecs
lossy_bitrate = 320
# Filter a Qobuz artist's discography. Set to 'true' to turn on a filter.
# This will also be applied to other sources, but is not guaranteed to work correctly
[qobuz_filters]
# Remove Collectors Editions, live recordings, etc.
extras = false
# Picks the highest quality out of albums with identical titles.
repeats = false
# Remove EPs and Singles
non_albums = false
# Remove albums whose artist is not the one requested
features = false
# Skip non studio albums
non_studio_albums = false
# Only download remastered albums
non_remaster = false
[artwork]
# Write the image to the audio file
embed = true
# The size of the artwork to embed. Options: thumbnail, small, large, original.
# "original" images can be up to 30MB, and may fail embedding.
# Using "large" is recommended.
embed_size = "large"
# If this is set to a value > 0, max(width, height) of the embedded art will be set to this value in pixels
# Proportions of the image will remain the same
embed_max_width = -1
# Save the cover image at the highest quality as a seperate jpg file
save_artwork = true
# If this is set to a value > 0, max(width, height) of the saved art will be set to this value in pixels
# Proportions of the image will remain the same
saved_max_width = -1
[metadata]
# Sets the value of the 'ALBUM' field in the metadata to the playlist's name.
# This is useful if your music library software organizes tracks based on album name.
set_playlist_to_album = true
# If part of a playlist, sets the `tracknumber` field in the metadata to the track's
# position in the playlist instead of its position in its album
renumber_playlist_tracks = true
# The following metadata tags won't be applied
# See https://github.com/nathom/streamrip/wiki/Metadata-Tag-Names for more info
exclude = []
# Changes the folder and file names generated by streamrip.
[filepaths]
# Create folders for single tracks within the downloads directory using the folder_format
# template
add_singles_to_folder = false
# Available keys: "albumartist", "title", "year", "bit_depth", "sampling_rate",
# "id", and "albumcomposer"
folder_format = "{albumartist} - {title} ({year}) [{container}] [{bit_depth}B-{sampling_rate}kHz]"
# Available keys: "tracknumber", "artist", "albumartist", "composer", "title",
# and "albumcomposer", "explicit"
track_format = "{tracknumber}. {artist} - {title}{explicit}"
# Only allow printable ASCII characters in filenames.
restrict_characters = false
# Truncate the filename if it is greater than this number of characters
# Setting this to false may cause downloads to fail on some systems
truncate_to = 120
# Last.fm playlists are downloaded by searching for the titles of the tracks
[lastfm]
# The source on which to search for the tracks.
source = "qobuz"
# If no results were found with the primary source, the item is searched for
# on this one.
fallback_source = ""
[cli]
# Print "Downloading {Album name}" etc. to screen
text_output = true
# Show resolve, download progress bars
progress_bars = true
# The maximum number of search results to show in the interactive menu
max_search_results = 100
[misc]
# Metadata to identify this config file. Do not change.
version = "2.0"
Operating System
macOS
streamrip version
2.0.2
Screenshots and recordings
No response
Additional context
No response
On MacOS Sonoma. Python 3.12.0. Clean installed streamrip via pip.
Trying to download from Tidal for first time, with fresh config.toml, got same error as OP
ClientConnectorCertificateError: Cannot connect to host auth.tidal.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]
Error came before getting to the point of asking me to log into Tidal.
I found a solution. The certificates need to be installed. On MacOS
/Applications/Python\ 3.12/Install\ Certificates.command
replace 3.12 with your version of python
@thataboy hey, can you explain what I need to do exactly? thank you
python3 --version: 3.10.11
Certificate.command
#!/bin/sh
/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10 << "EOF"
# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module. Uses the certificates provided by the certifi package:
# https://pypi.org/project/certifi/
import os
import os.path
import ssl
import stat
import subprocess
import sys
STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
| stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
| stat.S_IROTH | stat.S_IXOTH )
def main():
openssl_dir, openssl_cafile = os.path.split(
ssl.get_default_verify_paths().openssl_cafile)
print(" -- pip install --upgrade certifi")
subprocess.check_call([sys.executable,
"-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])
import certifi
# change working directory to the default SSL directory
os.chdir(openssl_dir)
relpath_to_certifi_cafile = os.path.relpath(certifi.where())
print(" -- removing any existing file or link")
try:
os.remove(openssl_cafile)
except FileNotFoundError:
pass
print(" -- creating symlink to certifi certificate bundle")
os.symlink(relpath_to_certifi_cafile, openssl_cafile)
print(" -- setting permissions")
os.chmod(openssl_cafile, STAT_0o775)
print(" -- update complete")
if __name__ == '__main__':
main()
EOF
