OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

[nitinjassi]

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

Please run down the following list and make sure you've tried the usual "quick fixes":

• Search the issues already opened: https://github.com/googleapis/python-firestore/issues
• Search StackOverflow: https://stackoverflow.com/questions/tagged/google-cloud-platform+python

If you are still having issues, please be sure to include as much information as possible:

Environment details

• OS type and version:Windows 10 Enterprise
• Python version: Python 3.12.1
• pip version: pip 24.0
• google-cloud-firestore version: 2.11.1 Summary: Google Cloud Firestore API client library

Steps to reproduce

1. Run the following code in your python virtual environment.

from google.cloud import firestore

if name == 'main': db = firestore.Client(database='di-firestore-db') data = {"name": "Los Angeles", "state": "CA", "country": "USA"} db.collection("cities").document("LA").set(data)

Code example

# example

from google.cloud import firestore

if __name__ == '__main__':
    db = firestore.Client(database='di-firestore-db')
    data = {"name": "Los Angeles", "state": "CA", "country": "USA"}
    db.collection("cities").document("LA").set(data)

Stack trace

# example

(.venv) C:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf>"c:/Users/U831/source/repos/Digital Innovation/gcp/bookshelf/.venv/Scripts/python.exe" "c:/Users/U831/source/repos/Digital Innovation/gcp/bookshelf/test.py"
E0422 13:41:10.605000000 45612 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0422 13:41:25.544000000 59928 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0422 13:41:35.566000000 59928 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0422 13:41:45.596000000 59928 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0422 13:41:55.631000000 59928 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
E0422 13:42:05.671000000 59928 src/core/tsi/ssl_transport_security.cc:1519] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
Traceback (most recent call last):
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\grpc_helpers.py", line 76, in error_remapped_callable
    return callable_(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\grpc\_channel.py", line 1176, in __call__
    return _end_unary_response_blocking(state, call, False, None)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\grpc\_channel.py", line 1005, in _end_unary_response_blocking    
    raise _InactiveRpcError(state)  # pytype: disable=not-instantiable
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
        status = StatusCode.UNAVAILABLE
        details = "failed to connect to all addresses; last error: UNKNOWN: ipv4:64.233.185.95:443: Ssl handshake failed: SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED"
        debug_error_string = "UNKNOWN:Error received from peer  {grpc_message:"failed to connect to all addresses; last error: UNKNOWN: ipv4:64.233.185.95:443: Ssl handshake failed: SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED", grpc_status:14, created_time:"2024-04-22T18:42:10.2705886+00:00"}"
>

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\retry\retry_unary.py", line 144, in retry_target 
    result = target()
             ^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\timeout.py", line 120, in func_with_timeout      
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\grpc_helpers.py", line 78, in error_remapped_callable
    raise exceptions.from_grpc_error(exc) from exc
google.api_core.exceptions.ServiceUnavailable: 503 failed to connect to all addresses; last error: UNKNOWN: ipv4:64.233.185.95:443: Ssl handshake failed: SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\test.py", line 8, in <module>
    db.collection("cities").document("LA").set(data)
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\cloud\firestore_v1\document.py", line 167, in set
    write_results = batch.commit(**kwargs)
                    ^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\cloud\firestore_v1\batch.py", line 59, in commit
    commit_response = self._client._firestore_api.commit(
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\cloud\firestore_v1\services\firestore\client.py", line 1125, in commit
    response = rpc(
               ^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\gapic_v1\method.py", line 131, in __call__       
    return wrapped_func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\retry\retry_unary.py", line 293, in retry_wrapped_func
    return retry_target(
           ^^^^^^^^^^^^^
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\retry\retry_unary.py", line 153, in retry_target 
    _retry_error_helper(
  File "c:\Users\U831\source\repos\Digital Innovation\gcp\bookshelf\.venv\Lib\site-packages\google\api_core\retry\retry_base.py", line 221, in _retry_error_helper
    raise final_exc from source_exc
google.api_core.exceptions.RetryError: Timeout of 60.0s exceeded, last exception: 503 failed to connect to all addresses; last error: UNKNOWN: ipv4:64.233.185.95:443: Ssl handshake failed: SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!

[daniel-sanche]

Can you give me a bit more information about your environment? Are you running locally, or on a cloud VM? Any firewall or other network details that would be helpful?

To be clear, you're just trying to do a simple write when you encounter this error, right? Does it happen every time you interact with a GCP library, or just this method?