GAM-team / GAM

command line management for Google Workspace
https://github.com/GAM-team/GAM/wiki
Apache License 2.0

ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002) #1624

Closed wazimshizm closed 1 year ago

wazimshizm commented 1 year ago

I have upgraded to the latest GAM release from https://github.com/GAM-team/GAM/releases and I still have this issue. I am typing the command as described in the GAM Wiki at https://github.com/jay0lee/gam/wiki

I am using the command I have used for years to update our staff photos:

gam all users update photo https://companywebsite/#user#

Normally this works just fine. I have searched the Google discussion group and some similar questions have been posed but none of the solutions apply to me. I am not using a proxy or a VPN. I have tried with my home Wifi and my Cellular backup.

The error I am getting is: ERROR: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)

Does this problem sniff like I am being subjected to some sort of MitM attack?

taers232c commented 1 year ago

Peter,

Try:

gam oauth delete
gam oauth create

Then try your command.

Ross

Ross Scroggs @.***


wazimshizm commented 1 year ago

Completed. No change.

taers232c commented 1 year ago

Send me a Meet/Zoom invitation.

Ross

Ross Scroggs @.***


wazimshizm commented 1 year ago

I have confirmed the edge certificate is valid and correct, signed by Let's Encrypt. The site is proxied by Cloudflare but this has always been this way and never been an issue.

Some sites work now that we set the environment variable to an earlier TLS version:

gam user peter@ypa.com.au update photo https://via.placeholder.com/250x250.jpg

But ours still does not:

gam user peter@ypa.com.au update photo https://ypa.cloud/images/sm/peter@ypa.com.au.jpg

wazimshizm commented 1 year ago

Not sure what the problem was but it's been solved by purchasing an advanced edge certificate through Cloudflare signed by DigiCert.

May be related to: https://community.cloudflare.com/t/renewal-edge-certificates/427355

jay0lee commented 1 year ago

FYI, the core issue here is that GAM now (as of 6.25 release in Sept) uses a very minimal list of trusted root certs in:

https://github.com/GAM-team/GAM/blob/main/src/roots.pem

This file is downloaded directly from https://pki.goog and covers all of Google's HTTPS services as well as GitHub.

99.9% of GAM commands only ever talk to Google and GitHub hosts which this file supports. However in your case when pulling the photo from another website you are accessing a URL that, even though it likely has a perfectly legit certificate, isn't covered by roots.pem.

The fix would be to replace the roots.pem file on your GAM install with something that covers a wider selection of websites, such as the one httplib2 defaults to using:

https://github.com/httplib2/httplib2/blob/master/python3/httplib2/cacerts.txt

Jay Lee
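The failure mode described above can be reproduced offline. The script below is an added example, not part of the thread or of GAM: it builds two throwaway roots, issues a site certificate from the one the short bundle omits, and verifies it against a minimal and a wider bundle. It assumes the `openssl` CLI is installed; all file names, subject names and the host `photos.example.test` are constructed.

```bash
#!/usr/bin/env bash
# Constructed demo: every key, certificate and host name here is throwaway test data.

make_ca() {    # $1 = file prefix, $2 = subject CN of a self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

make_leaf() {  # $1 = issuing CA prefix, $2 = leaf prefix, $3 = host name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 2 -out "$2.pem" 2>/dev/null
}

# Print "trusted", or OpenSSL's reason, for certificate $2 checked against bundle $1.
check_against_bundle() {
  local out reason
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  reason=$(echo "$out" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n1)
  if [ -z "$reason" ] && echo "$out" | grep -q ': OK$'; then
    echo "trusted"
  else
    echo "${reason:-$out}"
  fi
}

demo() {
  local dir
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    make_ca minimal "Constructed Minimal Root"   # stands in for a short roots.pem
    make_ca other "Constructed Other Root"       # a valid CA the short list omits
    make_leaf other site photos.example.test     # the photo host's certificate
    cat minimal.pem other.pem > wide.pem         # stands in for a broader bundle
    echo "minimal bundle: $(check_against_bundle minimal.pem site.pem)"
    echo "wider bundle: $(check_against_bundle wide.pem site.pem)"
  )
  rm -rf "$dir"
}

demo
```

The certificate is identical in both checks; only the trust bundle differs, which is why the error says nothing about whether the site itself is being intercepted.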
