search

langgenius / dify

Dify is an open-source LLM app development platform. Dify's intuitive interface combines AI workflow, RAG pipeline, agent capabilities, model management, observability features and more, letting you quickly go from prototype to production.
https://dify.ai
Other
51.17k stars 7.37k forks source link

certificate verify failed: unable to get local issuer certificate (_ssl.c:1007) #2637

Closed heywiorld closed 7 months ago

heywiorld commented 8 months ago

Self Checks

Dify version

0.5.2

Cloud or Self Hosted

Self Hosted (Docker)

Steps to reproduce

hi team, we write self define tool, but when test return error:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)

yml content is as follow:

openapi: "3.0.0"
info:
  version: 1.0.0
  title: Webhook Test API
servers:
  - url: https://test.com/n8n
    variables:
      server:
        default: test.com
paths:
  /webhook/93b273e7-4b90-4d19-a8c2-690296e935f8/:
    post:
      summary: Get VT and Threat Book IP result
      operationId: VT and TB
      requestBody:
        required: true
        content:
          application/json:
            schema:
              properties:
                ip:
                  type: string
                  description: IP address for the test
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/WebhookTestResponse"
      security:
        - ApiKeyAuth: []
components:
  schemas:
    WebhookTestResponse:
      type: object
      properties:
        response_message:
          type: string
          description: Response message from the webhook execution
  securitySchemes:
    ApiKeyAuth:
      type: apiKey
      name: x-apikey
      in: header
security:
  - ApiKeyAuth: []

✔️ Expected Behavior

return webhook result.

❌ Actual Behavior

return error:[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007) QQ截图20240301090523

dosubot[bot] commented 8 months ago

🤖

Hey there, @heywiorld! Fancy seeing you here again. Hope you're doing great! 🚀

The error you're encountering, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)", typically occurs when Python requests do not trust the SSL certificate of the server you are trying to communicate with. Here are some steps you can take to resolve this issue:

  1. Install Certificates: If you're on macOS, and using the default Python installation, the issue might be that Python is not using the system's certificate store. You can install the certificates by running the Install Certificates.command script found in your Python installation directory (usually /Applications/Python <version>/). This script installs the root certificates and should resolve the SSL error.

  2. Use Certifi Package: For a more cross-platform solution, you can use the certifi package, which Python requests can leverage to validate the SSL certificates.

    • First, install the certifi package using pip: 
      pip install certifi

    • Then, in your Python code where you make HTTP requests, ensure that you point to the certifi certificate bundle:

      import requests
import certifi

response = requests.get('https://your-server-url', verify=certifi.where())

  3. Manually Specify Certificates: If you have a custom or self-signed certificate, you can manually specify the path to your certificate bundle in the requests you make. This requires you to have a .pem file containing the certificates that Python should trust.

    • Example usage:

      import requests

response = requests.get('https://your-server-url', verify='/path/to/your/certificate.pem')

  4. Disable SSL Verification (Not Recommended): As a last resort and not recommended for production use, you can disable SSL certificate verification. This approach is insecure and exposes you to various security vulnerabilities, such as man-in-the-middle attacks.

    • Example of disabling SSL verification:

      import requests

response = requests.get('https://your-server-url', verify=False)

    • If you choose this approach, ensure it's only for testing purposes in a controlled environment.

Please note that these are general solutions for dealing with SSL certificate verification problems in Python applications, which should be applicable to your situation with Dify version 0.5.2 hosted via Docker. If you continue to experience issues, please provide more details about your setup and we'll be happy to help further.

Sources

#### About Dosu This response is meant to be useful and save you time. It is **not meant to be a precise solution**, but rather a starting point for your own research. Help me be more useful! Please leave a 👍 if this is helpful and 👎 if it is irrelevant. If you want to continue the conversation, start your reply with @dosu-bot.
takatost commented 8 months ago

Is the HTTPS certificate correct when accessing the API directly?

heywiorld commented 8 months ago

Is the HTTPS certificate correct when accessing the API directly?

yes

takatost commented 8 months ago

Is the HTTPS certificate correct when accessing the API directly?

yes

Hey, could you please provide more details? Such as the provider of the certificate, the type, etc. It would help us to reproduce the issue.

heywiorld commented 8 months ago

Is the HTTPS certificate correct when accessing the API directly?

yes

Hey, could you please provide more details? Such as the provider of the certificate, the type, etc. It would help us to reproduce the issue.

think key point is not cert of https://test.com, as error is unable to get local. certificate for test.com is made by our company, valid.

dosubot[bot] commented 7 months ago

Hi, @heywiorld

I'm helping the team manage our backlog and am marking this issue as stale. From what I understand, you are encountering an SSL certificate verification error when testing a self-defined tool in a self-hosted Docker environment. The error "SSL: CERTIFICATE_VERIFY_FAILED" occurs when trying to communicate with a server, despite the HTTPS certificate being correct when accessing the API directly. I provided detailed steps to resolve the SSL error, and "takatost" requested more details about the certificate to help reproduce the issue.

Could you please confirm if this issue is still relevant to the latest version of the repository? If it is, please let the team know by commenting on the issue. Otherwise, feel free to close the issue yourself, or it will be automatically closed in 7 days. Thank you!

insistence-essenn commented 5 months ago

Hey, how was the issue solved?

raccoonex commented 5 months ago

@insistence-essenn see my answer here