[question] Unable to connect to conancenter=https://center.conan.io

[playgithub]

Env

OS: Windows 10 conan: 1.40.2

Log

λ conan search boost -r conancenter
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1129)')))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

λ conan create . # for local recipe
...
rapidjson/cci.20200410: Not found in local cache, looking in remotes...
rapidjson/cci.20200410: Trying with 'conancenter'...
ERROR: Failed requirement 'rapidjson/cci.20200410' from 'cppjieba/2.0.0'
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLEOFError(8, 'EOF occurred in violation of protocol (_ssl.c:1129)')))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

More Info

It worked well several days ago, but failed today.

[matheusgomes28]

Getting this also, sounds like their certificate has expired! Get #LetsEncrypt on it :laughing:

[sysint64]

I am getting this as well 😕

[jwillikers]

Same here.

[manuel2258]

Same here. For a temporary fix ssl verification can be disabled in the remotes settings at ~/.conan/remotes.json

[haroal]

Hi,

This seems to be due to Let's encrypt root authority server shutdown on September 30th : (cf https://docs.certifytheweb.com/docs/kb/kb-202109-letsencrypt/#:~:text=From%20Sept%2030th%202021%20Let's,the%20ones%20for%20your%20website.)

I fixed it by adding their new root authority ISRG Root X1 certificate in ~/.conan/cacert.pem.

Edit: ISRG Root X1 certificate can be downloaded from Let's encrypt website : https://letsencrypt.org/certificates/

[lasote]

Thanks, @haroal. The pem to be appended is at: https://letsencrypt.org/certs/isrgrootx1.pem We are releasing 1.40.3 ASAP containing that root certificate.

[lasote]

I'll keep this open so it is more visible.

[memsharded]

For any other previous version older than 1.40.3, the new certificate can be installed with:

$ conan config install https://github.com/conan-io/conanclientcert.git

[blackliner]

ETA for the release 1.40.3 ?

[lasote]

minutes

[blackliner]

while true; do pip3 install conan==1.40.3 && break; done

If you want your PC to tell you conan 1.40.3 is released:

WSL:
while true; do pip3 install conan==1.40.3 && powershell.exe '[console]::beep(500,10000)' && break; done
old Linux:
while true; do pip3 install conan==1.40.3 && eval 'speaker-test -Dplug:front -c2' && break; done

[bfairservice-gt]

For any other previous version older than 1.40.3, the new certificate can be installed with:

$ conan config install https://github.com/conan-io/conanclientcert.git

Does this mean every version of conan older than 1.40.3 is broken now unless people take this additional manual step of installing the certificate?

[blackliner]

Shouldn't conan rely on system installed certs in addition to their own ones?

[memsharded]

Shouldn't conan rely on system installed certs in addition to their own ones?

System installed ones were really problematic in some systems (OSX) and also with older Python versions (2.7), so they couldn't be used at the time, and had to be replaced to keep moving. It has been working without issues till today, but certainly this will be fixed in next releases.

[memsharded]

Does this mean every version of conan older than 1.40.3 is broken now unless people take this additional manual step of installing the certificate?

Yes. Many teams that already manage their configuration with conan config install (very recommended) will fix it simply by adding it to their config, no extra steps. But it doesn't seem feasible to backport to 40 previous Conan releases, that is a huge amount of work (and also requires upgrading clients)

[blackliner]

Congrats to the release!

Successfully installed conan-1.40.3

[anders-wind]

When can we expect the release on conda?

[uilianries]

@anders-wind We don't manage the Conan client available in Conda, but I'll take a look.

[anders-wind]

Ahh okay - thanks!

[uilianries]

@anders-wind I just opened a PR to Conda feedstock: https://github.com/conda-forge/conan-feedstock/pull/143

UPDATE:

They have a bot, which opened a new PR too: https://github.com/conda-forge/conan-feedstock/pull/144

I'll close mine.

[Sebanisu]

pip has 1.40.3 now. chocolatey is still waiting on 1.40.2 https://community.chocolatey.org/packages/conan#versionhistory

[Prasaddiwalkar]

For any other previous version older than 1.40.3, the new certificate can be installed with:

$ conan config install https://github.com/conan-io/conanclientcert.git

I am still facing issue on docker container.

I tried upgrading conan to 1.40.3 and also tried above command for certificate

[lasote]

@Prasaddiwalkar please post here the command you run and the error traces to see if we can guess something.

[Prasaddiwalkar]

@Prasaddiwalkar please post here the command you run and the error traces to see if we can guess something.

conan@9a54bf478845:~$ conan --version
Conan version 1.40.3

conan remote list
conancenter: https://center.conan.io [Verify SSL: True]

conan install zlib/1.2.11@
Configuration:
[settings]
arch=x86_64
arch_build=x86_64
build_type=Release
compiler=gcc
compiler.libcxx=libstdc++
compiler.version=4.8
os=Linux
os_build=Linux
[options]
[build_requires]
[env]

zlib/1.2.11: Not found in local cache, looking in remotes...
zlib/1.2.11: Trying with 'conancenter'...
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

[darkvertex]

Shooting in the dark here but could it be your version of OpenSSL?

What Python and OpenSSL versions are you running?

Apparently old OpenSSL versions will cause headaches: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

[Prasaddiwalkar]

Shooting in the dark here but could it be your version of OpenSSL?

What Python and OpenSSL versions are you running?

Apparently old OpenSSL versions will cause headaches: https://www.openssl.org/blog/blog/2021/09/13/LetsEncryptRootCertExpire/

conan@9a54bf478845:~$ openssl version OpenSSL 1.0.1f 6 Jan 2014

conan@9a54bf478845:~$ python --version Python 3.6.7

[Prasaddiwalkar]

@Prasaddiwalkar please post here the command you run and the error traces to see if we can guess something.

conan@9a54bf478845:~$ conan --version
Conan version 1.40.3

conan remote list
conancenter: https://center.conan.io [Verify SSL: True]

conan install zlib/1.2.11@
Configuration:
[settings]
arch=x86_64
arch_build=x86_64
build_type=Release
compiler=gcc
compiler.libcxx=libstdc++
compiler.version=4.8
os=Linux
os_build=Linux
[options]
[build_requires]
[env]

zlib/1.2.11: Not found in local cache, looking in remotes...
zlib/1.2.11: Trying with 'conancenter'...
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

@lasote can you please help. My entire pipeline is stuck

[tru]

conan@9a54bf478845:~$ openssl version OpenSSL 1.0.1f 6 Jan 2014

That one is to old - have no security patches and won't work with new let's encrypt certificates. Consider upgrading.

[Prasaddiwalkar]

conan@9a54bf478845:~$ openssl version OpenSSL 1.0.1f 6 Jan 2014

That one is to old - have no security patches and won't work with new let's encrypt certificates. Consider upgrading.

It was working till yesterday

[SeekTheShrubbery]

Thanks for the quick patch. If a user's still having problems with their LetsEncrypt certs even when using Conan 1.40.3 or newer and OpenSSL 1.0.2 or newer, they could try renewing their LetsEncrypt cert as well. In my case the LetsEncrypt cert expiring end of October still had the old CA and wouldn't work.

[abloemert]

When can we expect the release on conda?

I see that the dependencies were changed in Conan 1.40. This is solved with conda-forge/conan-feedstock#146

@anders-wind, @uilianries

[theirix]

For your information, a homebrew formula is just merged.

[bbossola]

Something is still wrong with the deb distribution:

root@ci:~# dpkg -i conan-ubuntu-64.deb 
Selecting previously unselected package conan.
(Reading database ... 117219 files and directories currently installed.)
Preparing to unpack conan-ubuntu-64.deb ...
Unpacking conan (1.40.3) ...
Setting up conan (1.40.3) ...

root@ci:~# conan --version
Conan version 1.40.3

root@ci:~# conan search -r=conancenter jsoncpp/*
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

I also tried to install manually the certificates:

root@ci:~# conan config install https://github.com/conan-io/conanclientcert.git
Trying to clone repo: https://github.com/conan-io/conanclientcert.git
Repo cloned!
Copying file LICENSE to /root/.conan/.
Copying file cacert.pem to /root/.conan/.
root@ci:~# conan search -r=conancenter jsoncpp/*
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

Can anybody take a look? Our pipelines are stuck.

[memsharded]

@bbossola thanks for reporting. Verified and created a new issue specifically to track this: https://github.com/conan-io/conan/issues/9714

[Prasaddiwalkar]

@Prasaddiwalkar please post here the command you run and the error traces to see if we can guess something.

@lasote I am using conanio/gcc48 docker image for build.

[Prasaddiwalkar]

@Prasaddiwalkar please post here the command you run and the error traces to see if we can guess something.

conan@9a54bf478845:~$ conan --version
Conan version 1.40.3

conan remote list
conancenter: https://center.conan.io [Verify SSL: True]

conan install zlib/1.2.11@
Configuration:
[settings]
arch=x86_64
arch_build=x86_64
build_type=Release
compiler=gcc
compiler.libcxx=libstdc++
compiler.version=4.8
os=Linux
os_build=Linux
[options]
[build_requires]
[env]

zlib/1.2.11: Not found in local cache, looking in remotes...
zlib/1.2.11: Trying with 'conancenter'...
ERROR: HTTPSConnectionPool(host='center.conan.io', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Unable to connect to conancenter=https://center.conan.io
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

@lasote @memsharded can you please help. My entire pipeline is stuck

As I said our pipelines are stuck. I tried all the solutions you have mentioned above.

To install conan I am using pip install conan

[memsharded]

@SSE4 or @uilianries could you verify the case of @Prasaddiwalkar? It seems that the docker image of gcc48 would simply have a very old system openssl that no longer works?

[Prasaddiwalkar]

@SSE4 or @uilianries could you verify the case of @Prasaddiwalkar? It seems that the docker image of gcc48 would simply have a very old system openssl that no longer works?

@SSE4 or @uilianries Our entire pipeline is stuck since 3 days, no one is able to commit their changes to gitlab without build success. Please make it working asap

[lasote]

I'm investigating the broken conan debian installer and found something that can be useful, it is kind of a trick but it works, @uilianries @SSE4:

rm /etc/ssl/certs/DST_Root_CA_X3.pem

https://superuser.com/questions/1679204/curl-on-ubuntu-14-all-lets-encrypt-certificates-are-expired-error-60

[Prasaddiwalkar]

I'm investigating the broken conan debian installer and found something that can be useful, it is kind of a trick but it works, @uilianries @SSE4:

rm /etc/ssl/certs/DST_Root_CA_X3.pem

https://superuser.com/questions/1679204/curl-on-ubuntu-14-all-lets-encrypt-certificates-are-expired-error-60

conan@7b9013285cdb:~$ ls -ltr /etc/ssl/certs/DST_Root_CA_X3.pem
lrwxrwxrwx 1 root root 53 Dec 17  2019 /etc/ssl/certs/DST_Root_CA_X3.pem -> /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt 

conan@7b9013285cdb:~$ rm /etc/ssl/certs/DST_Root_CA_X3.pem
rm: cannot remove '/etc/ssl/certs/DST_Root_CA_X3.pem': Permission denied
conan@7b9013285cdb:~$ sudo rm /etc/ssl/certs/DST_Root_CA_X3.pem

conan@7b9013285cdb:~$ ls -ltr /etc/ssl/certs/DST_Root_CA_X3.pem
ls: cannot access /etc/ssl/certs/DST_Root_CA_X3.pem: No such file or directory

conan@7b9013285cdb:~$ conan --version
WARN: Migration: This conan installation doesn't have settings yet
WARN: Nothing to migrate here, settings will be generated automatically
Removing the 'cacert.pem' file...
Conan version 1.40.3

conan@7b9013285cdb:~$ conan install zlib/1.2.11@
Auto detecting your dev setup to initialize the default profile (/home/conan/.conan/profiles/default)
CC and CXX: /usr/bin/gcc, /usr/bin/g++
Found gcc 4.8
Default settings
        os=Linux
        os_build=Linux
        arch=x86_64
        arch_build=x86_64
        compiler=gcc
        compiler.version=4.8
        compiler.libcxx=libstdc++
        build_type=Release
*** You can change them in /home/conan/.conan/profiles/default ***
*** Or override with -s compiler='other' -s ...s***

Configuration:
[settings]
arch=x86_64
arch_build=x86_64
build_type=Release
compiler=gcc
compiler.libcxx=libstdc++
compiler.version=4.8
os=Linux
os_build=Linux
[options]
[build_requires]
[env]

zlib/1.2.11: Not found in local cache, looking in remotes...
zlib/1.2.11: Trying with 'conan-center'...
zlib/1.2.11: WARN: Remote https://conan.bintray.com is deprecated and will be shut down soon.
zlib/1.2.11: WARN: Please use the new 'conancenter' default remote.
zlib/1.2.11: WARN: Add it to your remotes with: conan remote add -i 0 conancenter https://center.conan.io
ERROR: HTTPSConnectionPool(host='conan.bintray.com', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Unable to connect to conan-center=https://conan.bintray.com
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

conan@7b9013285cdb:~$ conan config install https://github.com/conan-io/conanclientcert.git
Trying to clone repo: https://github.com/conan-io/conanclientcert.git
Repo cloned!
Copying file cacert.pem to /home/conan/.conan/.
Copying file LICENSE to /home/conan/.conan/.

conan@7b9013285cdb:~$ conan install zlib/1.2.11@
Configuration:
[settings]
arch=x86_64
arch_build=x86_64
build_type=Release
compiler=gcc
compiler.libcxx=libstdc++
compiler.version=4.8
os=Linux
os_build=Linux
[options]
[build_requires]
[env]

zlib/1.2.11: Not found in local cache, looking in remotes...
zlib/1.2.11: Trying with 'conan-center'...
zlib/1.2.11: WARN: Remote https://conan.bintray.com is deprecated and will be shut down soon.
zlib/1.2.11: WARN: Please use the new 'conancenter' default remote.
zlib/1.2.11: WARN: Add it to your remotes with: conan remote add -i 0 conancenter https://center.conan.io
ERROR: HTTPSConnectionPool(host='conan.bintray.com', port=443): Max retries exceeded with url: /v1/ping (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Unable to connect to conan-center=https://conan.bintray.com
1. Make sure the remote is reachable or,
2. Disable it by using conan remote disable,
Then try again.

[memsharded]

@Prasaddiwalkar

You are using conanio/gcc48. That docker image has been deprecated some time ago, check https://github.com/conan-io/conan-docker-tools and also the note:

Warning: The images listed below are intended for generating open-source library packages and we cannot guarantee any kind of stability. We strongly recommend using your own generated images for production environments taking the dockerfiles in this repository as a reference.

It is normal that a non-production deprecated image, containing a completely unsecure openssl version from 2014 no longer works in 2021.

[uilianries]

I found a possible solution, build OpenSSL 1.1.1l from sources, then build python. I'll provide a new Docker image for 4.8 and 4.9. I know they are deprecated, but still they are on useless state right now.

[uilianries]

@Prasaddiwalkar a new Docker image should be available in few minutes.

[czoido]

If anyone is having problems with the deb package certificates, we have just released Conan 1.40.4 that should fix those problems. Please report if the problem persist.

[kenfred]

If anyone is having problems with the deb package certificates, we have just released Conan 1.40.4 that should fix those problems. Please report if the problem persist.

I just updated to 1.40.4 and got the same HTTPSConnectionPool error. Was there a a regression in the fix? I resolved the issue by running conan config with the repo @memsharded linked above.

[memsharded]

@kenfred you updated to 1.40.4 from which version? Was there a warning message, or anything in the output about migration? It would be great if you could reproduce somehow that upgrade, I guess that it is not trivial...

[kenfred]

@memsharded Unfortunately, I do not know. I fired up WSL and received the error and assumed the conan update would fix it, as it it did on the Windows side. I'm guessing I was somewhere around v1.33, but can't be sure. Below I pasted the upgrade log from pip, if that will tell you anything.

pip3 install -U conan Collecting conan Downloading https://files.pythonhosted.org/packages/c8/f4/18ad4bbfdf1805ef6acca24e13e5691c7154361bcd99cd8a551cec801f8d/conan-1.40.4.tar.gz (698kB) 100% |████████████████████████████████| 706kB 1.3MB/s Collecting Jinja2<3,>=2.9 (from conan) Using cached https://files.pythonhosted.org/packages/7e/c2/1eece8c95ddbc9b1aeb64f5783a9e07a286de42191b7204d67b7496ddf35/Jinja2-2.11.3-py2.py3-none-any.whl Collecting PyJWT<2.0.0,>=1.4.0 (from conan) Using cached https://files.pythonhosted.org/packages/87/8b/6a9f14b5f781697e51259d81657e6048fd31a113229cf346880bb7545565/PyJWT-1.7.1-py2.py3-none-any.whl Collecting PyYAML<6.0,>=3.11 (from conan) Using cached https://files.pythonhosted.org/packages/7a/5b/bc0b5ab38247bba158504a410112b6c03f153c652734ece1849749e5f518/PyYAML-5.4.1-cp36-cp36m-manylinux1_x86_64.whl Collecting bottle<0.13,>=0.12.8 (from conan) Using cached https://files.pythonhosted.org/packages/bf/44/aeafdd6ca05a8e1c3f91eeeb272a202d5cb1b3b23730a5ca686a81c48d24/bottle-0.12.19-py3-none-any.whl Collecting colorama<0.5.0,>=0.3.3 (from conan) Using cached https://files.pythonhosted.org/packages/44/98/5b86278fbbf250d239ae0ecb724f8572af1c91f4a11edf4d36a206189440/colorama-0.4.4-py2.py3-none-any.whl Collecting distro<=1.6.0,>=1.0.2 (from conan) Downloading https://files.pythonhosted.org/packages/b3/8d/a0a5c389d76f90c766e956515d34c3408a1e18f60fbaa08221d1f6b87490/distro-1.6.0-py2.py3-none-any.whl Collecting fasteners>=0.14.1 (from conan) Using cached https://files.pythonhosted.org/packages/31/91/6630ebd169ca170634ca8a10dfcc5f5c11b0621672d4c2c9e40381c6d81a/fasteners-0.16.3-py2.py3-none-any.whl Collecting future<0.19.0,>=0.16.0 (from conan) Collecting node-semver==0.6.1 (from conan) Using cached https://files.pythonhosted.org/packages/08/51/6cf3a2b18ca35cbe4ad3c7538a7c3dc0cb24e71629fb16e729c137d06432/node_semver-0.6.1-py3-none-any.whl Collecting patch-ng<1.18,>=1.17.4 (from conan) Collecting pluginbase>=0.5 (from conan) Collecting pygments<3.0,>=2.0 (from conan) Using cached https://files.pythonhosted.org/packages/78/c8/8d9be2f72d8f465461f22b5f199c04f7ada933add4dae6e2468133c17471/Pygments-2.10.0-py3-none-any.whl Collecting python-dateutil<3,>=2.7.0 (from conan) Using cached https://files.pythonhosted.org/packages/36/7a/87837f39d0296e723bb9b62bbb257d0355c7f6128853c78955f57342a56d/python_dateutil-2.8.2-py2.py3-none-any.whl Collecting requests<3.0.0,>=2.25 (from conan) Using cached https://files.pythonhosted.org/packages/92/96/144f70b972a9c0eabbd4391ef93ccd49d0f2747f4f6a2a2738e99e5adc65/requests-2.26.0-py2.py3-none-any.whl Collecting six<=1.16.0,>=1.10.0 (from conan) Downloading https://files.pythonhosted.org/packages/d9/5a/e7c31adbe875f2abbb91bd84cf2dc52d792b5a01506781dbcf25c91daf11/six-1.16.0-py2.py3-none-any.whl Collecting tqdm<5,>=4.28.1 (from conan) Downloading https://files.pythonhosted.org/packages/63/f3/b7a1b8e40fd1bd049a34566eb353527bb9b8e9b98f8b6cf803bb64d8ce95/tqdm-4.62.3-py2.py3-none-any.whl (76kB) 100% |████████████████████████████████| 81kB 3.7MB/s Collecting urllib3<1.27,>=1.26.6 (from conan) Downloading https://files.pythonhosted.org/packages/af/f4/524415c0744552cce7d8bf3669af78e8a069514405ea4fcbd0cc44733744/urllib3-1.26.7-py2.py3-none-any.whl (138kB) 100% |████████████████████████████████| 143kB 3.4MB/s Collecting MarkupSafe>=0.23 (from Jinja2<3,>=2.9->conan) Using cached https://files.pythonhosted.org/packages/fc/d6/57f9a97e56447a1e340f8574836d3b636e2c14de304943836bd645fa9c7e/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl Collecting idna<4,>=2.5; python_version >= "3" (from requests<3.0.0,>=2.25->conan) Using cached https://files.pythonhosted.org/packages/d7/77/ff688d1504cdc4db2a938e2b7b9adee5dd52e34efbd2431051efc9984de9/idna-3.2-py3-none-any.whl Collecting charset-normalizer~=2.0.0; python_version >= "3" (from requests<3.0.0,>=2.25->conan) Downloading https://files.pythonhosted.org/packages/3f/65/69e6754102dcd018a0f29e4db673372eb323ee504431125ab6c9109cb21c/charset_normalizer-2.0.6-py3-none-any.whl Collecting certifi>=2017.4.17 (from requests<3.0.0,>=2.25->conan) Using cached https://files.pythonhosted.org/packages/05/1b/0a0dece0e8aa492a6ec9e4ad2fe366b511558cdc73fd3abc82ba7348e875/certifi-2021.5.30-py2.py3-none-any.whl Building wheels for collected packages: conan Running setup.py bdist_wheel for conan ... done Stored in directory: /home/kfrederickson/.cache/pip/wheels/37/1e/4a/d39915ceeea4083435fb4db66f99d3e67e616e46731ee26162 Successfully built conan Installing collected packages: MarkupSafe, Jinja2, PyJWT, PyYAML, bottle, colorama, distro, six, fasteners, future, node-semver, patch-ng, pluginbase, pygments, python-dateutil, idna, urllib3, charset-normalizer, certifi, requests, tqdm, conan Successfully installed Jinja2-2.11.3 MarkupSafe-2.0.1 PyJWT-1.7.1 PyYAML-5.4.1 bottle-0.12.19 certifi-2021.5.30 charset-normalizer-2.0.6 colorama-0.4.4 conan-1.40.4 distro-1.6.0 fasteners-0.16.3 future-0.18.2 idna-3.2 node-semver-0.6.1 patch-ng-1.17.4 pluginbase-1.0.1 pygments-2.10.0 python-dateutil-2.8.2 requests-2.26.0 six-1.16.0 tqdm-4.62.3 urllib3-1.26.7

[memsharded]

Nop, the pip install does nothing related to the cacert update. The important bit is the first Conan invocation that calls the migrations procedure.

[kenfred]

Nop, the pip install does nothing related to the cacert update. The important bit is the first Conan invocation that calls the migrations procedure.

Ah there is the clue we needed:

WARN: Migration: Updating settings.yml WARN: **** WARN: settings.yml is locally modified, can't be updated WARN: The new settings.yml has been stored in: /home/kfrederickson/.conan/settings.yml.new WARN: **** WARN: **** WARN: 'cacert.pem' is locally modified, can't be updated WARN: The new 'cacert.pem' has been stored in: /home/kfrederickson/.conan/cacert.pem.new WARN: ****

If I had noticed that warning, I would have known cacert.pem was not updated. However, I have never modified it, so I'm surprised conan thinks I did and bailed on the replacement.

[memsharded]

That is unexpected, yes. If you can forward us the 2 files (cacert.pem.new) and the previous cacert.pem from your cache (to info@conan.io), so we could check them, that could help.