pip icon indicating copy to clipboard operation
pip copied to clipboard

Published 20 hours ago verified publisher icon pypa

Getting ssl certificate errors while using command pip3 install <anything>

Open snmore25 opened this issue 2 years ago • 19 comments

Description

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping tried adding trusted host and the trusted host command but nothing seems to work for me on centos 7.9 also tried adding trusted host in pip.ini file tried with python 3.10 as well

Expected behavior

No response

pip version

pip-21.2.4

Python version

3.101.2 , 3.11

OS

centos 7.9

How to Reproduce

  1. install python on centos 7 using this link https://linuxstans.com/how-to-install-python-centos/
  2. then use command pip3.11 install unittest-xml-reporting
  3. it throws warnings and error
  4. anything with pip install is not working

Output

[root@localhost Documents]# python3.10 -m pip install -U pip
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Requirement already satisfied: pip in /usr/local/lib/python3.10/site-packages (21.2.4)
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping
WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

Code of Conduct

snmore25 avatar Mar 03 '22 12:03 snmore25

This isn't a pip issue. Your installation of Python is not built with the ssl module. WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

If you run python3.10 -c "import ssl", it will fail with something like

# ./python -c 'import ssl'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/root/Python-3.10.2/Lib/ssl.py", line 98, in <module>
    import _ssl             # if we can't import it, let the error propagate
ModuleNotFoundError: No module named '_ssl'

When compiling python, it said

Could not build the ssl module!
Python requires a OpenSSL 1.1.1 or newer

Python 3.10 requires at laeast OpenSSL 1.1.1 and the package installed by openssl-dev on CentOS 7 is version 1.0.2. You'll need to install a newer OpenSSL version and build Python against i.

dtrodrigues avatar Mar 03 '22 14:03 dtrodrigues

Hello, I have the same problem when trying to use pip, but in my case I don't have the warning "WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.". I have:

  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

I am using python 3.8 and if I try run python3.8 -c "import ssl" just works fine. What else could be this problem?

ferqui avatar Mar 13 '22 22:03 ferqui

Hello, I have the same problem when trying to use pip, but in my case I don't have the warning "WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.". I have:

  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])"))': /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl
ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/4d/16/0a14ca596f30316efd412a60bdfac02a7259bf8673d4d917dc60b9a21812/pip-22.0.4-py3-none-any.whl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

I am using python 3.8 and if I try run python3.8 -c "import ssl" just works fine. What else could be this problem?

Also having the same issue on Ubuntu 18.04 with Python 3.8.10, still looking for a solution.

rbdm-qnt avatar Oct 02 '22 01:10 rbdm-qnt

Had this same problem, after updating my system (Manjaro linux). Before that I had no such issue. I already had openssl 3.0.7 butI had to also install the openssl-1.1 package to get it working again

Mate2xo avatar Nov 17 '22 15:11 Mate2xo

Had this same problem, after updating my system (Manjaro linux). Before that I had no such issue. I already had openssl 3.0.7 butI had to also install the openssl-1.1 package to get it working again

Thanks! That solved the issue for me. Also running Manjaro.

diegodukao avatar Nov 28 '22 13:11 diegodukao

I met the same error, and resolved it by below steps:

  1. make sure openssl1.1.1 is installed:
sudo yum install -y openssl11 openssl11-devel
  1. export below options before run ./configure and make:
export CFLAGS="-I/usr/include/openssl11"
export LDFLAGS="-L/usr/lib64/openssl11"
  1. (OPTIONAL) export below option if you have multiple python versions installed, otherwise you might get: "Fatal Python error: init_import_site: Failed to import the site module" while running make:
export PYTHONPATH=/usr/local/lib/python3.11

NOTE1: /usr/local/lib/python3.11 doesn't exist yet in such time. don't worry about it. NOTE2: I'm compiling 3.11, so the folder name is /usr/local/lib/python3.11

  1. compile and install:
./configure --enable-optimizations
make
sudo make altinstall
  1. verify, it would output nothing and you should not see any error message:
python3.11 -c 'import ssl'

NOTE: change python3.11 to correct name

bobwng avatar Sep 22 '23 07:09 bobwng

Just wanted to let you know @bobwng that even after so much time has passed, this was still very helpful. Thank you!

moisecr00 avatar Nov 09 '23 12:11 moisecr00

I tried installing pyOpenSSL and I figured out it is not the problem: pip install pyOpenSSL Requirement already satisfied: pyOpenSSL in e:\cond_env\pytorch\lib\site-packages (23.2.0) Requirement already satisfied: cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0 in e:\cond_env\pytorch\lib\site-packages (from pyOpenSSL) (41.0.3) Requirement already satisfied: cffi>=1.12 in e:\cond_env\pytorch\lib\site-packages (from cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) (1.15.1) Requirement already satisfied: pycparser in e:\cond_env\pytorch\lib\site-packages (from cffi>=1.12->cryptography!=40.0.0,!=40.0.1,<42,>=38.0.0->pyOpenSSL) (2.21)

The error message I have is: pip install ArabicOcr --trusted-host pypi.python.org WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))': /simple/arabicocr/ WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))': /simple/arabicocr/ WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))': /simple/arabicocr/ WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))': /simple/arabicocr/ WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))': /simple/arabicocr/ Could not fetch URL https://pypi.org/simple/arabicocr/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/arabicocr/ (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:997)'))) - skipping
ERROR: Could not find a version that satisfies the requirement ArabicOcr (from versions: none) ERROR: No matching distribution found for ArabicOcr

MohamedElsayed-22 avatar Nov 10 '23 19:11 MohamedElsayed-22

@MohamedElsayed-22 the previously reported issues are related to Linux installs and the fixes are Linux install related. You seem to have some issue with your Windows SSL/Network configuration.

This really isn't the best place to diagnose your SSL/Network configuration and you would be best served by reaching out to peers or help forums.

That said, particularly if you are in a large organization with custom network configuration, you may find that setting up px-proxy, then pointing your Pip to px-proxy as it's proxy might get things to work. It's something I often had to do when working in a large enterprise to get Python tools to work with the Internet.

notatallshaw avatar Nov 10 '23 20:11 notatallshaw

Yes I got it. At first I skimmed the issue quickly. I worked on the proxy settings and worked.

Thanks :)

MohamedElsayed-22 avatar Nov 10 '23 21:11 MohamedElsayed-22

Getting below error for installing pip with 22.0.1 from python 3.9.

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping ERROR: Could not find a version that satisfies the requirement pip==22.0.1 (from versions: none) ERROR: No matching distribution found for pip==22.0.1

Solution: pip requires OpenSSL to be installed on the machine. If it is not installed then we get the above error.

Try Installing OpenSSL 1.1.1g with below steps:

  1. Run wget with the URL to download the file. wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz

  2. Confirm the file's integrity by downloading the SHA256 file on the same page next to it. wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz.sha256

  3. View the checksum to confirm the version you downloaded is safe to use. sha256sum openssl-1.1.1g.tar.gz ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 openssl-1.1.1g.tar.gz cat openssl-1.1.1g.tar.gz.sha256 ddb04774f1e32f0c49751e21b67216ac87852ceb056b75209af2443400636d46 If they match, proceed with the next step.

  4. Decompress this file. tar zxvf openssl-1.1.1g.tar.gz

  5. Change into the new openssl directory cd openssl-1.1.1g

  6. Configure openssl: ./config --prefix=/home/username/openssl --openssldir=/home/username/openssl no-ssl2 provide your username in /home/username/openssl

  7. Run make. Once that is finished, run make test: make make test At the end, you should see All tests successful.

  8. Run make install make install

  9. Change back to your [home directory] cd ~

  10. Add the following lines to your .bash_profile.

export PATH=$HOME/openssl/bin:$PATH
export LD_LIBRARY_PATH=$HOME/openssl/lib
export LC_ALL="en_US.UTF-8"
export LDFLAGS="-L /home/username/openssl/lib -Wl,-rpath,/home/username/openssl/lib"

In the last line, make sure to change username to your [Shell user].

  1. Update the .bash_profile. . ~/.bash_profile

  2. Test to confirm it's installed in the correct location and that the version is 1.1.1. which openssl /home/username/openssl/bin/openssl openssl version OpenSSL 1.1.1g 21 Apr 2020

  3. Then try installing pip using below command python -m pip install -U pip

sanjivanishinde avatar Jan 16 '24 11:01 sanjivanishinde

I had the same problem. I installed Ubuntu22.04 in raspberry pi, and I wanted to use the command, 'pip install', in the system. However, I met the error like this :

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1131)'))) - skipping ERROR: Could not find a version that satisfies the requirement pip (from versions: none) ERROR: No matching distribution found for pip

I tried to open the URL 'https://pypi.org/simple/pip/' in browser, the browser couldn't open it either, it reported the error:

Your Computer Clock is Wrong Your computer thinks it is May 13, 2023, which prevents Firefox from connecting securely. To visit pypi.org, update your computer clock in your system settings to the current date, time, and time zone, and then refresh pypi.org.

So I updated my system clock using ntpdate. And then all the problems mentioned were solved.

Ruoshui-Wu avatar May 13 '24 10:05 Ruoshui-Wu

I met the same error, and resolved it by below steps:

  1. make sure openssl1.1.1 is installed:
sudo yum install -y openssl11 openssl11-devel
  1. export below options before run ./configure and make:
export CFLAGS="-I/usr/include/openssl11"
export LDFLAGS="-L/usr/lib64/openssl11"
  1. (OPTIONAL) export below option if you have multiple python versions installed, otherwise you might get: "Fatal Python error: init_import_site: Failed to import the site module" while running make:
export PYTHONPATH=/usr/local/lib/python3.11

NOTE1: /usr/local/lib/python3.11 doesn't exist yet in such time. don't worry about it. NOTE2: I'm compiling 3.11, so the folder name is /usr/local/lib/python3.11

  1. compile and install:
./configure --enable-optimizations
make
sudo make altinstall
  1. verify, it would output nothing and you should not see any error message:
python3.11 -c 'import ssl'

NOTE: change python3.11 to correct name

tranks, its work for me too :)))

carmuno avatar May 27 '24 11:05 carmuno

The following solved the problem on my Mac: brew install [email protected]

slava-nat avatar Jun 14 '24 11:06 slava-nat

I found a really good and complete explanation bellow.

  • Title: How to install a shared Python for multiple accounts without SSL issues

https://medium.com/@enahwe/how-to-06bc8a042345

enahwe avatar Jun 27 '24 16:06 enahwe

I had the same problem. I installed Ubuntu22.04 in raspberry pi, and I wanted to use the command, 'pip install', in the system. However, I met the error like this :

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate is not yet valid (_ssl.c:1131)'))) - skipping ERROR: Could not find a version that satisfies the requirement pip (from versions: none) ERROR: No matching distribution found for pip

I tried to open the URL 'https://pypi.org/simple/pip/' in browser, the browser couldn't open it either, it reported the error:

Your Computer Clock is Wrong Your computer thinks it is May 13, 2023, which prevents Firefox from connecting securely. To visit pypi.org, update your computer clock in your system settings to the current date, time, and time zone, and then refresh pypi.org.

So I updated my system clock using ntpdate. And then all the problems mentioned were solved.

That's not what it is. When you paste it in your browser there's a colon at the end. If you delete it everything is fine. However, I don't know how to stop Python from trying to download files without the colon.

Here's part of my output when it fails to find beautifulsoup
Could not fetch URL https://pypi.org/simple/beautifulsoup4/:

image

And here's the colon removed.

image

Question is, how stop python from adding the colon.

AnonymousRonin avatar Oct 02 '24 00:10 AnonymousRonin

Question is, how stop python from adding the colon.

The colon is just part of the error message, it is not being used as part of the URL.

notatallshaw avatar Oct 02 '24 00:10 notatallshaw

maybe you should turn off your vpn

CHampppppppp avatar Oct 27 '24 04:10 CHampppppppp

maybe you should turn off your vpn

it is working for me

CHampppppppp avatar Oct 27 '24 04:10 CHampppppppp