open-mmlab
[Bug] SSL certificate expired for https://download.openmmlab.com
Prerequisite
- [x] I have searched Issues and Discussions but cannot get the expected help.
- [x] The bug has not been fixed in the latest version(https://github.com/open-mmlab/mmcv).
Environment
SSL certificate has expired https://download.openmmlab.com
Reproduces the problem - code sample
na
Reproduces the problem - command or script
n/a
Reproduces the problem - error message
n/a
Additional information
n/a
IT SEEMS ITS EXPIRED ON Aug 16 23:59:59 2025 GMT, AM FACING SMAE ISSUE,
curl -I https://download.openmmlab.com
#OUTPUT.
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
My company is facing the same issue, need the new SSL ASAP to run our upcoming security audit.
Yes, got same error,
certificate verify failed: certificate has expired (_ssl.c:1007)
same
> openssl s_client -connect download.openmmlab.com:443 -servername download.openmmlab.com </dev/null 2>/dev/null \
| openssl x509 -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
08:7e:16:91:02:b5:1f:1d:45:6b:1b:e2:a8:69:fa:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = Encryption Everywhere DV TLS CA - G1
Validity
Not Before: Aug 15 00:00:00 2024 GMT
Not After : Aug 16 23:59:59 2025 GMT
Subject: CN = *.openmmlab.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:b5:68:9f:d3:91:19:19:6e:f6:6e:f6:f9:96:5d:
21:09:87:94:84:00:93:35:80:a4:4d:43:08:17:94:
9c:3e:dd:ff:9e:5e:f2:72:bb:03:d7:79:12:cf:1d:
dc:e2:52:ea:ba:64:5e:75:ca:50:12:93:18:37:26:
ac:9a:70:5b:df:a2:2d:f2:24:b7:c0:bb:ef:04:93:
65:44:80:61:9b:55:1c:e5:06:1a:82:24:01:43:b7:
bd:34:de:be:dd:59:78:33:8f:d7:77:e1:9d:b2:87:
09:b9:c8:2c:7f:c8:0d:8b:e4:a3:00:53:7b:c5:4f:
5a:a2:54:33:6a:e9:5d:65:58:22:57:d3:76:92:ed:
17:6a:a0:be:01:fb:62:f4:81:04:f7:08:fa:d4:27:
73:0d:d3:1e:7c:5b:97:ec:ee:83:25:a6:56:dc:2c:
2d:14:47:cd:18:3a:69:61:6b:78:6e:e7:d7:d3:2c:
5a:14:d5:c0:1d:fe:72:b6:8e:b5:f9:cc:ef:ee:91:
dc:58:43:23:90:10:23:79:0d:40:88:c3:51:76:03:
02:46:0b:23:43:5b:4d:4f:df:43:09:3a:7c:61:b3:
46:05:69:de:f8:58:7f:e8:b9:35:6b:b4:76:fd:d2:
98:88:76:97:ef:e1:80:bb:83:0d:bc:e9:25:27:97:
43:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
55:74:4F:B2:72:4F:F5:60:BA:50:D1:D7:E6:51:5C:9A:01:87:1A:D7
X509v3 Subject Key Identifier:
19:8B:C2:54:A5:EE:BB:4E:E6:66:F9:C0:2A:FF:3B:C2:01:CF:63:16
X509v3 Subject Alternative Name:
DNS:*.openmmlab.com, DNS:openmmlab.com
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.1
CPS: http://www.digicert.com/CPS
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/EncryptionEverywhereDVTLSCA-G1.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 12:F1:4E:34:BD:53:72:4C:84:06:19:C3:8F:3F:7A:13:
F8:E7:B5:62:87:88:9C:6D:30:05:84:EB:E5:86:26:3A
Timestamp : Aug 15 14:50:13.187 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:D6:1D:F0:7D:59:9E:86:45:38:13:29:
D0:06:9F:A4:77:5E:A3:0D:F5:54:B7:48:6C:97:BC:5B:
53:AB:0F:15:85:02:20:5F:54:52:9A:FB:BA:F9:EB:0D:
20:AC:14:D3:A7:E2:3C:BE:FA:E1:6B:C3:03:CA:89:13:
BC:16:FE:D6:D0:7F:EA
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 7D:59:1E:12:E1:78:2A:7B:1C:61:67:7C:5E:FD:F8:D0:
87:5C:14:A0:4E:95:9E:B9:03:2F:D9:0E:8C:2E:79:B8
Timestamp : Aug 15 14:50:13.121 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:28:47:E0:DF:5B:25:47:D6:8C:E5:65:54:
AE:C3:5B:AC:8F:33:EF:1D:15:B5:C8:94:08:D5:D5:8A:
18:78:FE:5A:02:20:5D:07:97:55:DB:98:FB:40:2C:1B:
7D:B1:DF:70:1D:2A:7C:9C:42:A5:E8:82:A5:48:97:12:
49:3C:5F:0D:F8:6E
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : E6:D2:31:63:40:77:8C:C1:10:41:06:D7:71:B9:CE:C1:
D2:40:F6:96:84:86:FB:BA:87:32:1D:FD:1E:37:8E:50
Timestamp : Aug 15 14:50:13.141 2024 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:46:02:21:00:D7:B9:94:2F:7C:63:23:69:13:6F:C9:
1C:6C:A4:FA:CD:3C:A9:6F:F3:44:A1:9C:51:B2:F3:0B:
6A:08:05:5E:99:02:21:00:F0:A0:A9:F8:CA:3E:A8:18:
7A:1C:F8:22:90:C9:43:8B:E4:A7:E8:19:F8:11:0F:47:
BD:AF:03:83:CE:68:90:B1
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
5e:32:cf:32:b8:18:03:2c:03:b3:3c:9c:8d:b6:bc:c5:99:f7:
de:60:eb:b7:39:8f:b1:26:e8:d3:85:d1:a3:cb:bd:cc:2a:7e:
05:17:33:71:93:9b:a6:cb:9c:70:4c:53:44:46:62:6f:69:81:
1d:21:a3:f4:99:74:fd:1f:c6:4a:fa:2b:59:d8:77:3b:99:dc:
85:ce:5e:c4:ce:0d:65:04:23:52:8d:7e:5d:9d:09:e7:33:0c:
26:21:39:d1:70:01:9b:7a:94:2a:25:d1:4c:a8:20:9f:24:62:
77:f1:57:3c:96:41:7d:41:44:66:0b:a0:14:b5:05:eb:68:d4:
dc:d2:18:15:d0:a8:6a:11:4e:6a:25:53:60:ea:01:53:19:6a:
0c:0d:6e:b9:52:1a:8a:b0:ba:6a:7b:f7:98:b8:c1:6f:62:ff:
1a:43:48:c7:26:69:a3:94:21:2c:6e:fa:73:11:56:da:16:fd:
5a:5a:53:2a:20:db:f6:9b:54:8c:12:83:98:ea:4a:d8:17:3d:
2f:d4:f2:ef:36:51:7f:da:e9:41:75:f6:b3:47:d8:8c:7b:fb:
9d:cc:0f:8c:38:07:28:05:d9:57:02:4c:ba:a9:1a:c2:b4:e4:
0f:d7:8e:af:4c:58:8b:c1:aa:ce:ad:79:ab:f2:1e:9b:07:49:
25:da:4d:a1
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgIQCH4WkQK1Hx1FaxviqGn60DANBgkqhkiG9w0BAQsFADBu
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMS0wKwYDVQQDEyRFbmNyeXB0aW9uIEV2ZXJ5d2hlcmUg
RFYgVExTIENBIC0gRzEwHhcNMjQwODE1MDAwMDAwWhcNMjUwODE2MjM1OTU5WjAa
MRgwFgYDVQQDDA8qLm9wZW5tbWxhYi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQC1aJ/TkRkZbvZu9vmWXSEJh5SEAJM1gKRNQwgXlJw+3f+eXvJy
uwPXeRLPHdziUuq6ZF51ylASkxg3JqyacFvfoi3yJLfAu+8Ek2VEgGGbVRzlBhqC
JAFDt7003r7dWXgzj9d34Z2yhwm5yCx/yA2L5KMAU3vFT1qiVDNq6V1lWCJX03aS
7RdqoL4B+2L0gQT3CPrUJ3MN0x58W5fs7oMlplbcLC0UR80YOmlha3hu59fTLFoU
1cAd/nK2jrX5zO/ukdxYQyOQECN5DUCIw1F2AwJGCyNDW01P30MJOnxhs0YFad74
WH/ouTVrtHb90piIdpfv4YC7gw286SUnl0PJAgMBAAGjggLxMIIC7TAfBgNVHSME
GDAWgBRVdE+yck/1YLpQ0dfmUVyaAYca1zAdBgNVHQ4EFgQUGYvCVKXuu07mZvnA
Kv87wgHPYxYwKQYDVR0RBCIwIIIPKi5vcGVubW1sYWIuY29tgg1vcGVubW1sYWIu
Y29tMD4GA1UdIAQ3MDUwMwYGZ4EMAQIBMCkwJwYIKwYBBQUHAgEWG2h0dHA6Ly93
d3cuZGlnaWNlcnQuY29tL0NQUzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYI
KwYBBQUHAwEGCCsGAQUFBwMCMIGABggrBgEFBQcBAQR0MHIwJAYIKwYBBQUHMAGG
GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBKBggrBgEFBQcwAoY+aHR0cDovL2Nh
Y2VydHMuZGlnaWNlcnQuY29tL0VuY3J5cHRpb25FdmVyeXdoZXJlRFZUTFNDQS1H
MS5jcnQwDAYDVR0TAQH/BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHYA
EvFONL1TckyEBhnDjz96E/jntWKHiJxtMAWE6+WGJjoAAAGRVoSNQwAABAMARzBF
AiEA1h3wfVmehkU4EynQBp+kd16jDfVUt0hsl7xbU6sPFYUCIF9UUpr7uvnrDSCs
FNOn4jy++uFrwwPKiRO8Fv7W0H/qAHUAfVkeEuF4KnscYWd8Xv340IdcFKBOlZ65
Ay/ZDowuebgAAAGRVoSNAQAABAMARjBEAiAoR+DfWyVH1ozlZVSuw1usjzPvHRW1
yJQI1dWKGHj+WgIgXQeXVduY+0AsG32x33AdKnycQqXogqVIlxJJPF8N+G4AdwDm
0jFjQHeMwRBBBtdxuc7B0kD2loSG+7qHMh39HjeOUAAAAZFWhI0VAAAEAwBIMEYC
IQDXuZQvfGMjaRNvyRxspPrNPKlv80ShnFGy8wtqCAVemQIhAPCgqfjKPqgYehz4
IpDJQ4vkp+gZ+BEPR72vA4POaJCxMA0GCSqGSIb3DQEBCwUAA4IBAQBeMs8yuBgD
LAOzPJyNtrzFmffeYOu3OY+xJujThdGjy73MKn4FFzNxk5umy5xwTFNERmJvaYEd
IaP0mXT9H8ZK+itZ2Hc7mdyFzl7Ezg1lBCNSjX5dnQnnMwwmITnRcAGbepQqJdFM
qCCfJGJ38Vc8lkF9QURmC6AUtQXraNTc0hgV0KhqEU5qJVNg6gFTGWoMDW65UhqK
sLpqe/eYuMFvYv8aQ0jHJmmjlCEsbvpzEVbaFv1aWlMqINv2m1SMEoOY6krYFz0v
1PLvNlF/2ulBdfazR9iMe/udzA+MOAcoBdlXAky6qRrCtOQP146vTFiLwarOrXmr
8h6bB0kl2k2h
-----END CERTIFICATE-----
Hi everyone, we found a temporary mitigation.
- Download the relevant wheel in
bashwith SSL disabled. For example:
#!/bin/bash
# Script to download mmcv wheels from OpenMMLab with SSL verification disabled
# This is needed because the SSL certificate for download.openmmlab.com has expired
set -e
# Create a directory for the wheels
mkdir -p mmcv-wheels
cd mmcv-wheels
echo "Downloading mmcv wheels..."
# Download Python 3.10 wheel
echo "Downloading mmcv for Python 3.10..."
curl --insecure -L -o mmcv-2.1.0-cp310-cp310-manylinux1_x86_64.whl \
"https://download.openmmlab.com/mmcv/dist/cu121/torch2.1.0/mmcv-2.1.0-cp310-cp310-manylinux1_x86_64.whl"
- Host the wheel on s3 such that it is accessible to wherever you are installing.
- Update your
pyprojectto point to s3:
mmcv = {url = "https://<REDACTED>-public-artifacts.s3.us-west-2.amazonaws.com/mmcv-wheels/mmcv-2.1.0-cp310-cp310-manylinux1_x86_64.whl", markers = "python_version == '3.10' and sys_platform == 'linux' and platform_machine == 'x86_64'"}
I am not a maintainer on this project.
If you have historical poetry lock files, you can use those to verify the sha256 hashes of the wheel files that you are using
If you are using v2.2.0 these https wheels may work https://miropsota.github.io/torch_packages_builder/mmcv/
How to deal with this bug?This bug casuses to SSL error when download mmcv, which makes me impossible to setup environment to run code
This is not a client side issue.
- OpenMMLab has to obtain a new certificate from a CA on their end
SSL is essentially a protocol that makes sure that your connection to the server is secure preventing potential man in the middle attacks. So I wouldn't recommend bypassing it, especially in prod.
Potential Solution:
If you can manage to find a docker image that meets your requirements it should work as a temporary fix
This is not a client side issue.
- OpenMMLab has to obtain a new certificate from a CA on their end
SSL is essentially a protocol that makes sure that your connection to the server is secure preventing potential man in the middle attacks. So I wouldn't recommend bypassing it, especially in prod.
Potential Solution:
If you can manage to find a docker image that meets your requirements it should work as a temporary fix Thanks
The maintainers have to update their ssl certificate. This is also discussed here: https://github.com/open-mmlab/mmengine/issues/1661 https://github.com/open-mmlab/mmpose/issues/3237
pip install mmcv==2.1.0 --trusted-host download.openmmlab.com -f https://download.openmmlab.com/mmcv/dist/cu118/torch2.1.0/index.html
This skips SSL verification. Worked for me.
pip install mmcv==2.1.0 --trusted-host download.openmmlab.com -f https://download.openmmlab.com/mmcv/dist/cu118/torch2.1.0/index.html
This skips SSL verification. Worked for me.
Yes you can disable ssl verification, but it's a really bad idea, at least for production code.
it seems that certificate was renewed, but it shows expiry date 08-09-2025 now. Let's see if they renew again.
Hey OpenMMLab community! 👋 We've updated 7 core repos (MMDetection, MMSegmentation, and others) to work with the latest PyTorch and made them production-ready for our AI platform.
We're committed to maintaining these repos going forward and encourage you to contribute features through pull requests.
Check them out if you need PyTorch compatibility: https://github.com/VBTI-development— feedback welcome!
We also copied all artefacts to prevent these certificate problems (mmassets.onedl.ai). Feel free to use them!
