Open sven-h opened 2 years ago
@sven-h did you figure out any workaround for this?
Hi @cmosguy , unfortunately not. Do you experienced the same problem?
I gave up @sven-h , dumping this package...
Try:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
Hi,
I recently noticed that the download of webpages/APIs using Let's Encrypt does not work on Windows.
Actual Behavior
As an example, the following python code snippet will throw a
SSLCertVerificationError
on Windows with a recent version of OpenSSL package:The error (full error at the end)
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1076)
is a bit misleading because the certificate is actually valid and not expired. The main problem is that the openSSL package of Anaconda is statically setting theopenssldir
to%CommonProgramFiles%\ssl
. Usually this folder does not exist and thus does not contain any certificates.You can check which folder it uses by executing
openssl version -d
after the activation of the corresponding environment.Due to a change of the Let's Encrypt cerificates, the
ISRG Root X1 certificate
is not in the trust store anymore (starting from June 2021). Thus the validation of the certificate fails (you can check by executingopenssl s_client -connect letsencrypt.org:443
to also see the trace of certificate).Even tough I copied the certificates from
{venv_location}/Library/ssl
to%CommonProgramFiles%\ssl
the error does not dissapear.Expected Behavior
Use the certificates from
ca-certificates
package (which is the case for linux).Steps to Reproduce
On Windows, create a new venv
conda create -n py37 python=3.7
and execute the python snippet from the top.Operating System: Windows
conda info
conda list --show-channel-urls
Full error: