Closed petebachant closed 7 years ago
I can reproduce this on Windows with a command as simple as conda install networkx
>>> conda install networkx
Solving package specifications: INFO:stdoutlog:Solving package specifications:
Package plan for installation in environment C:\miniconda3:
The following packages will be downloaded:
package | build
---------------------------|-----------------
decorator-4.0.4 | py34_0 6 KB
networkx-1.10 | py34_0 1.1 MB
------------------------------------------------------------
Total: 1.2 MB
The following NEW packages will be INSTALLED:
decorator: 4.0.4-py34_0
networkx: 1.10-py34_0
Proceed ([y]/n)?
Fetching packages ...
INFO:print:Fetching packages ...
Could not connect to https://repo.continuum.io/pkgs/free/win-64/decorator-4.0.4-py34_0.tar.bz2
INFO:stderrlog:Could not connect to https://repo.continuum.io/pkgs/free/win-64/decorator-4.0.4-py34_0.tar.bz2
Error: Connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600): https://repo.continuum.io/pkgs/free/win-64/decorator-4.0.4-py34_0.tar.bz2
From my experience, the latest updates of certifi require updated versions of openssl (1.0.2d) and cryptography (1.0.2)
@petebachant, I'm surprised that openssl doesn't appear in your list of installed packages.
:P
Error: Connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certific
ate verify failed (_ssl.c:600): https://repo.continuum.io/pkgs/fre
e/win-64/openssl-1.0.2d-vc10_0.tar.bz2
Try removing certifi, updating openssl, then if you want, reinstall certifi.
Removing certifi
got rid of the error message, but as a default Anaconda package, I'm not sure that's really a fix. The error message came back after installing openssl
and then certifi
.
Same problem for me.
I forgot to mention that cryptography needs to be updated as well.
Confirmed that conda remove certifi
fixes it.
Doesnt solve ....this issue even after removing certifi
Had the same problem on Windows 10 after installing jupyter, conda remove certifi
fixed it
Here is an issue detailing the changes and reasons why these errors are surfacing. https://github.com/certifi/python-certifi/issues/26
Thanks, @groutr . Can you please post detailed workaround steps here, to save people having to trawl through comment history?
Same issue here. Thanks for the solution of removing the bad guy "certifi".
SSL verification errors after updating certifi in Anaconda:
Recently, an update to the certifi package broke SSL verification. This upgrade was necessary to ensure security for users of the Anaconda platform. Unfortunately, we were not able to devise an upgrade path that does not require some manual user intervention. To fix your system, please follow these steps: Update openssl and cryptography packages to 1.0.2d and 1.0.2, respectively:
conda update openssl cryptography
next, update certifi:
conda update certifi
Problems arise when certifi is updated prior to updating openssl and cryptography. If you are seeing SSL errors, the best way to restore your system is to: Set ssl_verify to False in .condarc
In .condarc, set the following
conda config --set ssl_verify False
conda update openssl cryptography
conda update certifi
This is explained very well in this blog post: https://lukasa.co.uk/2015/04/Certifi_State_Of_Union/
The short story is, the updated certifi removed old, insecure certificates. The new certificates in certifi can only be used by OpenSSL >=1.0.2 Along with OpenSSL, cryptography needs to be updated (compiled against the new openssl package).
There was a lengthy discussion in this issue that touches a number of good points: https://github.com/certifi/python-certifi/issues/26
Here are two comments from the author/maintainer of certifi that justify why the updates to certifi were the Right Thing to do.
Security software works by breaking your application any time it does something that fails to meet a certain security threshold. Whenever you change your application or your dependencies, what previously worked may not work. In this sense, certifi is exactly like AppArmor/SELinux: each change to either those or your codebase risk breaking your application.
In this case, certifi broke your application because the security of your web request was based on whether or not someone was able to crack one of the 1024-bit keys used by certain CAs. Those keys are weak, and at a certain point we do need to stop trusting them. Mozilla, Chrome, IE, and Safari have all stopped trusting them: why are you?
Cracking those 1024-bit keys is within the computational reach of nation-state attackers at this stage, and is not far from the reach of large organisations (e.g. Amazon). A certificate chain is only as strong as its weakest link, and a 1024-bit key is judged to be unacceptably weak by all reputable authorities in this area. The fact that we didn't by default protect users from them for a whole year is arguably a dereliction of duty on our part. Our most recent change was to step up our default protection and force you to consciously weaken it, or take steps to mitigate."
Here is why that is potentially a bad idea. From the Requests Documentation: "By default Requests bundles a set of root CAs that it trusts, sourced from the Mozilla trust store. However, these are only updated once for each Requests version. This means that if you pin a Requests version your certificates can become extremely out of date.
From Requests version 2.4.0 onwards, Requests will attempt to use certificates from certifi if it is present on the system. This allows for users to update their trusted certificates without having to change the code that runs on their system.
For the sake of security we recommend upgrading certifi frequently!"
Since requests has been updated recently in the Anaconda repositories, the certificates that ship with requests are almost identical to certifi. The reason why certifi was separated out of requests by the developers was to permit users to update the certificates independently of updating requests. Requests will attempt to use certifi's certificate bundle and fall back onto its own built-in bundle. It is possible, especially on systems where requests is pinned to a certain version, for the certificates to become out of date. The certifi packages fixes this problem by always providing a secure, updated bundle of certificates.
I have Windows7 X64 bit machine. I was not able to find .condarc file. Therefore I can not disable it. But I was able to remove certifi and update openssl and cryptography. When I re-installed certifi, my other updates were still giving SSL certification error. Therefore I removed certifi again and it is working. Therefore a work around will be better for future updates.
The .condarc
, if it exists, should be in your home folder (on windows that would be your folder in C:\Users). If .condarc
does not exist, you should create the file to add the line discussed above.
Alternatively, you can use conda config
conda config --set ssl_verify False
This will create the .condarc
file and add the line.
Groutr, Man thanks a lot. I was having this issue for I long time. I tried to solve it 2 mths ago and I gust give up. So literally I stopped to use python.
So I did the step where disable SSL verification a than I installed "openssl" (I hadn't it previously) and reinstalled "certifi" ( I removed it trying fixing). Both installations was smooth and fine.
But.. After it I tried to run "conda update --all" I received the following msg: (FYI I cant install nothing if I empty .condarc file)
C:\Users\Flavio\Documents\python\python\PVaR>conda update --all Fetching package metadata: .... Solving package specifications: .. Error: Unsatisfiable package specifications. Generating hint: [ COMPLETE ]|##################################################| 100%
Hint: 'openssl' has unsatisfiable dependencies (see 'conda info openssl')
Note that the following features are enabled:
That is due to a bug in conda. Please run
conda update conda
Then try again.
On Tue, Nov 17, 2015, 08:20 Flaviolib notifications@github.com wrote:
Groutr, Man thanks a lot. I was having this issue for I long time. I tried to solve it 2 mths ago and I gust give up. So literally I stopped to use python.
So I did the step where disable SSL verification a than I installed "openssl" (I hadn't it previously) and reinstalled "certifi" ( I removed it trying fixing). Both installations was smooth and fine.
But.. After it I tried to run "conda update --all" I received the following msg:
C:\Users\Flavio\Documents\python\python\PVaR>conda update --all Fetching package metadata: .... Solving package specifications: ..
Error: Unsatisfiable package specifications. Generating hint: [ COMPLETE ]|##################################################| 100%
Hint: 'openssl' has unsatisfiable dependencies (see 'conda info openssl')
Note that the following features are enabled:
- vc9
- vc14
- vc10
— Reply to this email directly or view it on GitHub https://github.com/ContinuumIO/anaconda-issues/issues/494#issuecomment-157381720 .
Hi mate, same thing.
It says that conda is already updated see below. And I still just able to install or update anything if I keep set ssl_verify False
C:\Users\Flavio\Documents\python\python\PVaR>conda update conda Fetching package metadata: ....
# conda 3.18.5 py34_0
I've been wrestling with this issue for over a week. Although I have a workaround that seems to take, I am extremely confused at this point. Given this is a security feature, I don't want to simply disable it. I was able to make things work by downgrading my certifi package to a previous version through the following commands:
conda config --set ssl_verify False
conda install certifi=14.05.14
conda config --set ssl_verify True
Was this smart? I have no idea. But then I noticed the person above solved everything by reinstalling Anaconda. Looking at the changelog, it looks like certifi has been removed altogether from the Anaconda distribution:
http://docs.continuum.io/anaconda/changelog
Does this mean they have removed the security features altogether? Or is it now handled by another package? Should I simply delete the package from my version of the distribution?
Thanks. These issues are making my head spin.
Hey pmkelly00, your last comment was from almost a month ago. Have you resolved this issue?
Thanks for getting back to me. To be honest, I am still confused but am not receiving any error messages at this time.
I am seeing what appears to be conflicting guidance about the certifi package. One of the posts above suggests you should not delete it, and yet the latest anaconda package does not include it by default.
Should I keep it in my local distribution(s) or get rid of it? Does conda/anaconda make use of it at all?
Thanks.
I'm getting this also. It is likely not a client error...
$ curl -LO https://repo.continuum.io/miniconda/Miniconda-latest-Linux-x86.sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
Well the problem for me was caused by a channel address using the old binstar web address, where the certificate appears to have expired. Fixed by switching the channel to anaconda.org address.
Hi guys, I am facing the same problem at work. Its been like a week now.
In my system, the 'conda install' command also throws out a SSL Verification Error. Its saying 'could not connect to http://repo.continuum....'. So basically, I am not able to install/remove any package from the cmd. Is this problem because of my network settings I am wondering? The fact that I am doing all these things from my work system? I am working on win64bit. I am not able to download MinGW through either of the sources, cmd using conda OR setup.exe (that is also throwing an error while installing mingw-get')
Until now, I've tried troubleshooting using the steps provided by groutr. I was surprised that my conda env. did not have certifi package. So I downloaded it from the source (can't get it through cmd). Now interestingly, I can call certifi from the repl, but when I try to remove/update it using 'conda install/update'.. Conda tells me that there is no package named 'certifi' in the path C:\Anaconda2 environment. How is that even possible?
Sorry if my comment is very noobish but I am desperately trying to find a solution here. My background is not from CS but from Statistics. Any help/suggestions is appreciated. Basically what I trying to do is get g++ (minGW) which will get theano (and hence keras) up and running. Thanks.
Installing with pip or from source will not add the package to conda's list and will probably break stuff. Bad plan there.
Try to follow the steps above, changing your channels to anaconda.org, and upgrading conda.
I am having the same problem as pmkelly00 and statchaitya. I originally installed anaconda back in early 2016 and first came across this problem a few months ago. I found this post and tried following groutr's instructions. However, I never had certifi installed in the first place. So I followed all instructions but instead of updating certifi, I installed it. When I set the ssl verify back to true, I still am getting the same error:
Connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
Note that my error code is 645, which is different than the original post, 600. Not sure if that's relevant.
After this I just tried uninstalling and re-installing Anaconda. Again, I notice that it comes with the most updated openssl and cryptography, but is missing certifi. I am having the same exact error mentioned previously. I also tried the recommended solution from groutr and still have the errors.
conda info -a
Current conda install:
platform : win-64
conda version : 4.1.11
conda-env version : 2.5.2
conda-build version : 1.21.3
python version : 3.5.2.final.0
requests version : 2.10.0
root environment : C:\Users\I53224\AppData\Local\Continuum\Anaconda3 (writable)
default environment : C:\Users\I53224\AppData\Local\Continuum\Anaconda3
envs directories : C:\Users\I53224\AppData\Local\Continuum\Anaconda3\envs
package cache : C:\Users\I53224\AppData\Local\Continuum\Anaconda3\pkgs
channel URLs : https://repo.continuum.io/pkgs/free/win-64/
https://repo.continuum.io/pkgs/free/noarch/
https://repo.continuum.io/pkgs/pro/win-64/
https://repo.continuum.io/pkgs/pro/noarch/
https://repo.continuum.io/pkgs/msys2/win-64/
https://repo.continuum.io/pkgs/msys2/noarch/
config file : C:\Users\I53224\.condarc
offline mode : False
is foreign system : False
# conda environments:
#
root * C:\Users\I53224\AppData\Local\Continuum\Anaconda3
sys.version: 3.5.2 |Anaconda 4.1.1 (64-bit)| (default...
sys.prefix: C:\Users\I53224\AppData\Local\Continuum\Anaconda3
sys.executable: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\python.exe
conda location: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\lib\site-packages\conda
conda-build: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-build.exe
conda-convert: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-convert.exe
conda-develop: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-develop.exe
conda-env: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-env.exe
conda-index: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-index.exe
conda-inspect: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-inspect.exe
conda-metapackage: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-metapackage.exe
conda-pipbuild: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-pipbuild.exe
conda-render: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-render.exe
conda-server: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-server.exe
conda-sign: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-sign.exe
conda-skeleton: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts\conda-skeleton.exe
user site dirs: C:\Users\I53224\AppData\Roaming\Python\Python35
CIO_TEST: <not set>
CONDA_DEFAULT_ENV: <not set>
CONDA_ENVS_PATH: <not set>
PATH: C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Library\bin;C:\ProgramData\Oracle\Java\javapath;c:\Rtools\bin;c:\Rtools\gcc-4.6.3\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\110\DTS\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\110\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\;C:\Program Files (x86)\Microsoft SQL Server\110\DTS\Binn\;c:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files (x86)\Microsoft ASP.NET\ASP.NET Web Pages\v1.0\;C:\Program Files (x86)\Windows Kits\8.0\Windows Performance Toolkit\;C:\Program Files (x86)\Silk\SilkTest;C:\Program Files (x86)\Silk\SilkTest\ng\gui;C:\Program Files (x86)\QuickTime\QTSystem\;C:\Program Files\MiKTeX 2.9\miktex\bin\x64\;C:\Users\I53224\AppData\Local\Continuum\Anaconda3;C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Scripts;C:\Users\I53224\AppData\Local\Continuum\Anaconda3\Library\bin;C:\Program Files (x86)\IDM Computer Solutions\UltraCompare\;C:\Users\I53224\AppData\Local\Pandoc\
PYTHONHOME: <not set>
PYTHONPATH: <not set>
WARNING: could not import _license.show_info
# try:
# $ conda install -n root _license
after trying solution from groutr: conda list
_nb_ext_conf 0.2.0 py35_0
alabaster 0.7.8 py35_0
anaconda 4.1.1 np111py35_0
anaconda-client 1.4.0 py35_0
anaconda-navigator 1.2.1 py35_0
argcomplete 1.0.0 py35_1
astropy 1.2.1 np111py35_0
babel 2.3.3 py35_0
backports 1.0 py35_0
beautifulsoup4 4.4.1 py35_0
bitarray 0.8.1 py35_1
blaze 0.10.1 py35_0
bokeh 0.12.0 py35_0
boto 2.40.0 py35_0
bottleneck 1.1.0 np111py35_0
bzip2 1.0.6 vc14_3 [vc14]
certifi 2016.2.28 py35_0
cffi 1.6.0 py35_0
chest 0.2.3 py35_0
click 6.6 py35_0
cloudpickle 0.2.1 py35_0
clyent 1.2.2 py35_0
colorama 0.3.7 py35_0
comtypes 1.1.2 py35_0
conda 4.1.11 py35_0
conda-build 1.21.3 py35_0
conda-env 2.5.2 py35_0
configobj 5.0.6 py35_0
console_shortcut 0.1.1 py35_1
contextlib2 0.5.3 py35_0
cryptography 1.4 py35_0
curl 7.49.0 vc14_0 [vc14]
cycler 0.10.0 py35_0
cython 0.24 py35_0
cytoolz 0.8.0 py35_0
dask 0.10.0 py35_0
datashape 0.5.2 py35_0
decorator 4.0.10 py35_0
dill 0.2.5 py35_0
docutils 0.12 py35_2
dynd-python 0.7.2 py35_0
entrypoints 0.2.2 py35_0
et_xmlfile 1.0.1 py35_0
fastcache 1.0.2 py35_1
flask 0.11.1 py35_0
flask-cors 2.1.2 py35_0
freetype 2.5.5 vc14_1 [vc14]
get_terminal_size 1.0.0 py35_0
gevent 1.1.1 py35_0
greenlet 0.4.10 py35_0
h5py 2.6.0 np111py35_0
hdf5 1.8.15.1 vc14_4 [vc14]
heapdict 1.0.0 py35_1
idna 2.1 py35_0
imagesize 0.7.1 py35_0
ipykernel 4.3.1 py35_0
ipython 4.2.0 py35_0
ipython_genutils 0.1.0 py35_0
ipywidgets 4.1.1 py35_0
itsdangerous 0.24 py35_0
jdcal 1.2 py35_1
jedi 0.9.0 py35_1
jinja2 2.8 py35_1
jpeg 8d vc14_0 [vc14]
jsonschema 2.5.1 py35_0
jupyter 1.0.0 py35_3
jupyter_client 4.3.0 py35_0
jupyter_console 4.1.1 py35_0
jupyter_core 4.1.0 py35_0
libdynd 0.7.2 0
libpng 1.6.22 vc14_0 [vc14]
libtiff 4.0.6 vc14_2 [vc14]
llvmlite 0.11.0 py35_0
locket 0.2.0 py35_1
lxml 3.6.0 py35_0
markupsafe 0.23 py35_2
matplotlib 1.5.1 np111py35_0
menuinst 1.4.1 py35_0
mistune 0.7.2 py35_0
mkl 11.3.3 1
mkl-service 1.1.2 py35_2
mpmath 0.19 py35_1
multipledispatch 0.4.8 py35_0
nb_anacondacloud 1.1.0 py35_0
nb_conda 1.1.0 py35_0
nb_conda_kernels 1.0.3 py35_0
nbconvert 4.2.0 py35_0
nbformat 4.0.1 py35_0
nbpresent 3.0.2 py35_0
networkx 1.11 py35_0
nltk 3.2.1 py35_0
nose 1.3.7 py35_1
notebook 4.2.1 py35_0
numba 0.26.0 np111py35_0
numexpr 2.6.0 np111py35_0
numpy 1.11.1 py35_0
odo 0.5.0 py35_1
openpyxl 2.3.2 py35_0
openssl 1.0.2h vc14_0 [vc14]
pandas 0.18.1 np111py35_0
partd 0.3.4 py35_0
path.py 8.2.1 py35_0
pathlib2 2.1.0 py35_0
patsy 0.4.1 py35_0
pep8 1.7.0 py35_0
pickleshare 0.7.2 py35_0
pillow 3.2.0 py35_1
pip 8.1.2 py35_0
ply 3.8 py35_0
psutil 4.3.0 py35_0
py 1.4.31 py35_0
pyasn1 0.1.9 py35_0
pycosat 0.6.1 py35_1
pycparser 2.14 py35_1
pycrypto 2.6.1 py35_4
pycurl 7.43.0 py35_0
pyflakes 1.2.3 py35_0
pygments 2.1.3 py35_0
pyopenssl 0.16.0 py35_0
pyparsing 2.1.4 py35_0
pyqt 4.11.4 py35_6
pyreadline 2.1 py35_0
pytables 3.2.2 np111py35_4
pytest 2.9.2 py35_0
python 3.5.2 0
python-dateutil 2.5.3 py35_0
pytz 2016.4 py35_0
pywin32 220 py35_1
pyyaml 3.11 py35_4
pyzmq 15.2.0 py35_0
qt 4.8.7 vc14_8 [vc14]
qtconsole 4.2.1 py35_0
qtpy 1.0.2 py35_0
requests 2.10.0 py35_0
rope 0.9.4 py35_1
ruamel_yaml 0.11.7 py35_0
scikit-image 0.12.3 np111py35_1
scikit-learn 0.17.1 np111py35_1
scipy 0.17.1 np111py35_1
setuptools 23.0.0 py35_0
simplegeneric 0.8.1 py35_1
singledispatch 3.4.0.3 py35_0
sip 4.16.9 py35_2
six 1.10.0 py35_0
snowballstemmer 1.2.1 py35_0
sockjs-tornado 1.0.3 py35_0
sphinx 1.4.1 py35_0
sphinx_rtd_theme 0.1.9 py35_0
spyder 2.3.9 py35_0
sqlalchemy 1.0.13 py35_0
statsmodels 0.6.1 np111py35_1
sympy 1.0 py35_0
tk 8.5.18 vc14_0 [vc14]
toolz 0.8.0 py35_0
tornado 4.3 py35_1
traitlets 4.2.1 py35_0
unicodecsv 0.14.1 py35_0
vs2015_runtime 14.0.25123 0
werkzeug 0.11.10 py35_0
wheel 0.29.0 py35_0
xlrd 1.0.0 py35_0
xlsxwriter 0.9.2 py35_0
xlwings 0.7.2 py35_0
xlwt 1.1.2 py35_0
zlib 1.2.8 vc14_3 [vc14]
I was having issues like statchaitya; Miniconda install, conda list
only shows 14 packages, and openssl, cryptography, and certifi aren't among them. Conda choking out on this error, and can't download anything.
My issue seems to be because I had HTTP_PROXY set, but not HTTPS_PROXY. I set that, and the error went away. See: Configure Conda for use behind a proxy server
I am using Anaconda 3 x64 on Windows and I am getting SSL certificate verify failures. Output and root env are shown below.