HTTPError: 502 Bad Gateway from https://upload.pypi.org/legacy/

[arterrey]

My Platform

twine version 3.4.1 (importlib_metadata: 4.4.0, pkginfo: 1.7.0, requests: 2.25.1, requests-toolbelt: 0.9.1, tqdm: 4.61.0) on Fedora 33

Fastly Debug

The following is for https://upload.pypi.org/legacy/ I'm also getting the same issue with the testpypi server

$ bin/twine upload dist/* --verbose
Using configuration from /home/adam/.pypirc
Uploading distributions to https://upload.pypi.org/legacy/
  dist/ctq-1.0.dev1-py3-none-any.whl (12.2 KB)
  dist/ctq-1.0.dev1.tar.gz (11.0 KB)
username set from config file
password set from config file
username: __token__
password: <hidden>
Uploading ctq-1.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21.5k/21.5k [00:01<00:00, 13.8kB/s]
Received "502: Bad Gateway" Package upload appears to have failed.  Retry 1 of 5
Uploading ctq-1.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21.5k/21.5k [00:00<00:00, 62.5kB/s]
Received "502: Bad Gateway" Package upload appears to have failed.  Retry 2 of 5
Uploading ctq-1.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21.5k/21.5k [00:00<00:00, 59.9kB/s]
Received "502: Bad Gateway" Package upload appears to have failed.  Retry 3 of 5
Uploading ctq-1.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21.5k/21.5k [00:00<00:00, 63.9kB/s]
Received "502: Bad Gateway" Package upload appears to have failed.  Retry 4 of 5
Uploading ctq-1.0.dev1-py3-none-any.whl
100%|████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████| 21.5k/21.5k [00:00<00:00, 50.7kB/s]
Received "502: Bad Gateway" Package upload appears to have failed.  Retry 5 of 5
Content received from server:
<html>
<head><title>502 Bad Gateway</title></head>
<body bgcolor="white">
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.13.9</center>
</body>
</html>

HTTPError: 502 Bad Gateway from https://upload.pypi.org/legacy/
Bad Gateway

DNS Resolution

$ dig pypi.org A

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> pypi.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50779
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pypi.org.          IN  A

;; ANSWER SECTION:
pypi.org.       69555   IN  A   151.101.192.223
pypi.org.       69555   IN  A   151.101.128.223
pypi.org.       69555   IN  A   151.101.64.223
pypi.org.       69555   IN  A   151.101.0.223

;; Query time: 59 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jun 03 16:22:57 +07 2021
;; MSG SIZE  rcvd: 101

$ dig pypi.org AAAA

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> pypi.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49160
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;pypi.org.          IN  AAAA

;; ANSWER SECTION:
pypi.org.       65898   IN  AAAA    2a04:4e42:600::223
pypi.org.       65898   IN  AAAA    2a04:4e42:200::223
pypi.org.       65898   IN  AAAA    2a04:4e42::223
pypi.org.       65898   IN  AAAA    2a04:4e42:400::223

;; Query time: 83 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jun 03 16:23:14 +07 2021
;; MSG SIZE  rcvd: 149

$ dig files.pythonhosted.org A

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> files.pythonhosted.org A
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5350
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;files.pythonhosted.org.        IN  A

;; ANSWER SECTION:
files.pythonhosted.org. 86400   IN  CNAME   dualstack.r.ssl.global.fastly.net.
dualstack.r.ssl.global.fastly.net. 30 IN A  151.101.1.63
dualstack.r.ssl.global.fastly.net. 30 IN A  151.101.65.63
dualstack.r.ssl.global.fastly.net. 30 IN A  151.101.129.63
dualstack.r.ssl.global.fastly.net. 30 IN A  151.101.193.63

;; Query time: 128 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jun 03 16:23:37 +07 2021
;; MSG SIZE  rcvd: 162

$ dig files.pythonhosted.org AAAA

; <<>> DiG 9.11.31-RedHat-9.11.31-1.fc33 <<>> files.pythonhosted.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12167
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;files.pythonhosted.org.        IN  AAAA

;; ANSWER SECTION:
files.pythonhosted.org. 86380   IN  CNAME   dualstack.r.ssl.global.fastly.net.
dualstack.r.ssl.global.fastly.net. 10 IN AAAA   2a04:4e42:400::319
dualstack.r.ssl.global.fastly.net. 10 IN AAAA   2a04:4e42:600::319
dualstack.r.ssl.global.fastly.net. 10 IN AAAA   2a04:4e42:200::319
dualstack.r.ssl.global.fastly.net. 10 IN AAAA   2a04:4e42::319

;; Query time: 46 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Thu Jun 03 16:23:51 +07 2021
;; MSG SIZE  rcvd: 210

Traceroutes / IPv4

$ traceroute pypi.org
traceroute to pypi.org (151.101.128.223), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  8.847 ms  8.742 ms  8.684 ms
 2  localhost (27.68.247.99)  8.188 ms  8.135 ms  8.084 ms
 3  10.255.181.164 (10.255.181.164)  11.556 ms 10.255.181.172 (10.255.181.172)  8.426 ms 10.255.181.168 (10.255.181.168)  11.455 ms
 4  localhost (27.68.235.53)  21.928 ms  21.871 ms  21.797 ms
 5  localhost (27.68.233.50)  20.234 ms localhost (27.68.233.2)  20.160 ms  20.102 ms
 6  localhost (27.68.244.64)  44.534 ms  40.535 ms  40.356 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

$ traceroute files.pythonhosted.org
traceroute to files.pythonhosted.org (151.101.193.63), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  13.351 ms  13.272 ms  13.236 ms
 2  localhost (27.68.247.99)  13.487 ms  13.457 ms  13.429 ms
 3  10.255.181.176 (10.255.181.176)  20.110 ms 10.255.181.164 (10.255.181.164)  20.081 ms
 10.255.181.176 (10.255.181.176)  20.053 ms
 4  localhost (27.68.235.49)  26.808 ms localhost (27.68.235.53)  26.778 ms localhost (27.68.235.49)  26.729 ms
 5  localhost (27.68.233.2)  25.787 ms * *
 6  * localhost (27.68.244.64)  40.620 ms  40.458 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Traceroutes / IPv6 (If available)

I don't think I have IPv6

$ traceroute6 pypi.org
traceroute to pypi.org (2a04:4e42:400::223), 30 hops max, 80 byte packets
connect: Network is unreachable

$ traceroute6 files.pythonhosted.org

HTTPS Requests / IPv4

$ curl -vvv -I --ipv4 https://pypi.org/pypi/pip/json
*   Trying 151.101.128.223:443...
* Connected to pypi.org (151.101.128.223) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=Delaware; serialNumber=3359300; C=US; ST=Oregon; L=Beaverton; O=Python Software Foundation; CN=www.python.org
*  start date: Sep 29 00:00:00 2020 GMT
*  expire date: Oct 31 00:00:00 2021 GMT
*  subjectAltName: host "pypi.org" matched cert's "pypi.org"
*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560bf514aea0)
> HEAD /pypi/pip/json HTTP/2
> Host: pypi.org
> user-agent: curl/7.71.1
> accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
HTTP/2 200 
< access-control-allow-headers: Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since
access-control-allow-headers: Content-Type, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since
< access-control-allow-methods: GET
access-control-allow-methods: GET
< access-control-allow-origin: *
access-control-allow-origin: *
< access-control-expose-headers: X-PyPI-Last-Serial
access-control-expose-headers: X-PyPI-Last-Serial
< access-control-max-age: 86400
access-control-max-age: 86400
< cache-control: max-age=900, public
cache-control: max-age=900, public
< content-security-policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://api.pwnedpasswords.com https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.ingress.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com
content-security-policy: base-uri 'self'; block-all-mixed-content; connect-src 'self' https://api.github.com/repos/ *.fastly-insights.com sentry.io https://api.pwnedpasswords.com https://2p66nmmycsj3.statuspage.io; default-src 'none'; font-src 'self' fonts.gstatic.com; form-action 'self'; frame-ancestors 'none'; frame-src 'none'; img-src 'self' https://warehouse-camo.ingress.cmh1.psfhosted.org/ www.google-analytics.com *.fastly-insights.com; script-src 'self' www.googletagmanager.com www.google-analytics.com *.fastly-insights.com https://cdn.ravenjs.com; style-src 'self' fonts.googleapis.com; worker-src *.fastly-insights.com
< content-type: application/json
content-type: application/json
< etag: "0udpTJwBwvtr6iX+RYW88A"
etag: "0udpTJwBwvtr6iX+RYW88A"
< referrer-policy: origin-when-cross-origin
referrer-policy: origin-when-cross-origin
< server: nginx/1.13.9
server: nginx/1.13.9
< x-pypi-last-serial: 10446064
x-pypi-last-serial: 10446064
< accept-ranges: bytes
accept-ranges: bytes
< date: Thu, 03 Jun 2021 09:29:15 GMT
date: Thu, 03 Jun 2021 09:29:15 GMT
< x-served-by: cache-bwi5180-BWI, cache-qpg1262-QPG
x-served-by: cache-bwi5180-BWI, cache-qpg1262-QPG
< x-cache: HIT, HIT
x-cache: HIT, HIT
< x-cache-hits: 1, 1
x-cache-hits: 1, 1
< x-timer: S1622712555.225185,VS0,VE1
x-timer: S1622712555.225185,VS0,VE1
< vary: Accept-Encoding, Accept-Encoding
vary: Accept-Encoding, Accept-Encoding
< strict-transport-security: max-age=31536000; includeSubDomains; preload
strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
x-frame-options: deny
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-permitted-cross-domain-policies: none
x-permitted-cross-domain-policies: none
< content-length: 121151
content-length: 121151

< 
* Connection #0 to host pypi.org left intact

$ curl -vvv -I --ipv4 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz
*   Trying 151.101.1.63:443...
* Connected to files.pythonhosted.org (151.101.1.63) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=*.pythonhosted.org
*  start date: Mar 22 19:18:08 2021 GMT
*  expire date: Apr 23 19:18:07 2022 GMT
*  subjectAltName: host "files.pythonhosted.org" matched cert's "*.pythonhosted.org"
*  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA 2020
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55df821ebea0)
> HEAD /packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz HTTP/2
> Host: files.pythonhosted.org
> user-agent: curl/7.71.1
> accept: */*
> 
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200 
HTTP/2 200 
< last-modified: Wed, 26 Feb 2020 17:47:37 GMT
last-modified: Wed, 26 Feb 2020 17:47:37 GMT
< etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
etag: "83a177756e2c801d0b3a6f7b0d4f3f7e"
< content-type: binary/octet-stream
content-type: binary/octet-stream
< x-goog-hash: crc32c=Om2N1A==
x-goog-hash: crc32c=Om2N1A==
< x-goog-hash: md5=g6F3dW4sgB0LOm97DU8/fg==
x-goog-hash: md5=g6F3dW4sgB0LOm97DU8/fg==
< server: UploadServer
server: UploadServer
< cache-control: max-age=365000000, immutable, public
cache-control: max-age=365000000, immutable, public
< accept-ranges: bytes
accept-ranges: bytes
< date: Thu, 03 Jun 2021 09:29:46 GMT
date: Thu, 03 Jun 2021 09:29:46 GMT
< age: 522197
age: 522197
< x-served-by: cache-sea4430-SEA, cache-qpg1281-QPG
x-served-by: cache-sea4430-SEA, cache-qpg1281-QPG
< x-cache: HIT, HIT
x-cache: HIT, HIT
< x-cache-hits: 1, 1
x-cache-hits: 1, 1
< x-timer: S1622712586.271303,VS0,VE2
x-timer: S1622712586.271303,VS0,VE2
< strict-transport-security: max-age=31536000; includeSubDomains; preload
strict-transport-security: max-age=31536000; includeSubDomains; preload
< x-frame-options: deny
x-frame-options: deny
< x-xss-protection: 1; mode=block
x-xss-protection: 1; mode=block
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-permitted-cross-domain-policies: none
x-permitted-cross-domain-policies: none
< x-robots-header: noindex
x-robots-header: noindex
< content-length: 1246072
content-length: 1246072

< 
* Connection #0 to host files.pythonhosted.org left intact

HTTPS Requests / IPv6 (If available)

$ curl -vvv -I --ipv6 https://pypi.org/pypi/pip/json

$ curl -vvv -I --ipv6 https://files.pythonhosted.org/packages/ae/e8/2340d46ecadb1692a1e455f13f75e596d4eab3d11a57446f08259dee8f02/pip-10.0.1.tar.gz

TLS Debug / IPv4

$ echo -n | openssl s_client -4 -connect pypi.org:443
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
verify return:1
depth=0 businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, C = US, ST = Oregon, L = Beaverton, O = Python Software Foundation, CN = www.python.org
verify return:1
---
Certificate chain
 0 s:businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, C = US, ST = Oregon, L = Beaverton, O = Python Software Foundation, CN = www.python.org
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
 1 s:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA
   i:C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIIBDCCBuygAwIBAgIQCgvu6rKU/G36blVsu5S6BzANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTIwMDkyOTAwMDAwMFoXDTIxMTAzMTAw
MDAwMFowgdExHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
EwczMzU5MzAwMQswCQYDVQQGEwJVUzEPMA0GA1UECBMGT3JlZ29uMRIwEAYDVQQH
EwlCZWF2ZXJ0b24xIzAhBgNVBAoTGlB5dGhvbiBTb2Z0d2FyZSBGb3VuZGF0aW9u
MRcwFQYDVQQDEw53d3cucHl0aG9uLm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKb7uzSV2u41/YZbs+vvB5ob5BVQtKYKg+npgFfdvn/yMuG5Vrvl
iokKJL3RtQGQDGZmYkhsUah2yiYCsQ0dzjBUquG1yxzprRkn1/m/dtwDjH8+mm+t
my80sSVp3TVCnnDuuzazxe0HBGcRM8yqnW5aN+AXV074UUuRRx0ixZy3ttoHl66M
MshcFdJ1mKOKm1ZKCque4Ydk1EizWSjiDtIj4wRzHbOjuGtZrbv+uw396ILmI6oI
AcKIC7VkteEe2s04cXOh7inQgw+fMeiVEnLs+TADNAvYG+4zYNk1ddL3QxiqYTld
JyyUAdIdE5+Q1U2kJrVQnCvAWCAMFVElBzkCAwEAAaOCBDEwggQtMB8GA1UdIwQY
MBaAFD3TUKXWoK3u80pgCmXTIdT4+NYPMB0GA1UdDgQWBBREsu1+8w+FHnZxpf7i
oOhf7b0BVjCCAVQGA1UdEQSCAUswggFHgg53d3cucHl0aG9uLm9yZ4IPZG9jcy5w
eXRob24ub3Jngg9idWdzLnB5dGhvbi5vcmeCD3dpa2kucHl0aG9uLm9yZ4INaGcu
cHl0aG9uLm9yZ4IPbWFpbC5weXRob24ub3Jngg9weXBpLnB5dGhvbi5vcmeCFHBh
Y2thZ2luZy5weXRob24ub3JnghBsb2dpbi5weXRob24ub3Jnggx1cy5weWNvbi5v
cmeCCHB5cGkub3JnggdweXBpLmlvggxkb2NzLnB5cGkuaW+CDWRvY3MucHlwaS5v
cmeCDmRvbmF0ZS5weXBpLmlvgg9kb25hdGUucHlwaS5vcmeCE2Rldmd1aWRlLnB5
dGhvbi5vcmeCE3d3dy5idWdzLnB5dGhvbi5vcmeCCnB5dGhvbi5vcmeCFGRvd25s
b2Fkcy5weXRob24ub3JnMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEF
BQcDAQYIKwYBBQUHAwIwdQYDVR0fBG4wbDA0oDKgMIYuaHR0cDovL2NybDMuZGln
aWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDA0oDKgMIYuaHR0cDovL2Ny
bDQuZGlnaWNlcnQuY29tL3NoYTItZXYtc2VydmVyLWczLmNybDBLBgNVHSAERDBC
MDcGCWCGSAGG/WwCATAqMCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy5kaWdpY2Vy
dC5jb20vQ1BTMAcGBWeBDAEBMIGIBggrBgEFBQcBAQR8MHowJAYIKwYBBQUHMAGG
GGh0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNvbTBSBggrBgEFBQcwAoZGaHR0cDovL2Nh
Y2VydHMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0U0hBMkV4dGVuZGVkVmFsaWRhdGlv
blNlcnZlckNBLmNydDAMBgNVHRMBAf8EAjAAMIIBBQYKKwYBBAHWeQIEAgSB9gSB
8wDxAHcA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF02oPpyAAA
BAMASDBGAiEArg/ruTBvWubivrxwRytv8VGCpA3yVHTaKFiObDBcHrcCIQCFzUvP
ib7qJGqbLP5IWY11D6sxJvv/ZvIopE0SZW6CrAB2AFzcQ5L+5qtFRLFemtRW5hA3
+9X6R9yhc5SyXub2xw7KAAABdNqD6hoAAAQDAEcwRQIhAMgXNU82IlkTHbOUc/7L
ToliVL6Jin00+mc1isj0q6wiAiBsVKEdXbfCsLJZGb74Lkx1axdiMtDZWVSUJdTJ
7DtzJTANBgkqhkiG9w0BAQsFAAOCAQEAW84GOYCg3n2dfoKtNl1s20kkvbItnvSr
ysmVrCjG+DfvW+Z71Z9m0sukZOY0Aweky+DgvHZUkbPgZBoJ5L915hC8uKlgbk6K
0TjM7aKZkbtj8x68s3lOC0BiFC05WQxV82AxJkx5wygfGmavS703TPrGDb3XXcho
8cg409X9vcWnfVLohO/RAwwlhh8sYC8o46lGgC2k6F2S7Okgqxwsj+RgJ0d777J8
x7VVGTruzaUz8laEcs4jnuPrGw6OWT2v7YiEq3bIlz5hbYa/c6AGvJ44QUr+uEFW
okZVHOUC/rI3HN8rsApSNQRIVH6VCs1Zbz298lDhoBELMapBQEl9RA==
-----END CERTIFICATE-----
subject=businessCategory = Private Organization, jurisdictionC = US, jurisdictionST = Delaware, serialNumber = 3359300, C = US, ST = Oregon, L = Beaverton, O = Python Software Foundation, CN = www.python.org

issuer=C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 Extended Validation Server CA

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3831 bytes and written 382 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
---
Post-Handshake New Session Ticket arrived:
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
    Session-ID: 34112C47060105F6E41BB10CA59D08BFFF1C3215D1604B30997C2F165A24A050
    Session-ID-ctx: 
    Resumption PSK: B9FC69C3CA482F1EEBF7D50710CEC4FDC823DCA49D87F3BB04524F69D3C1DE729065861660524668C516B9B3409E540E
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 604800 (seconds)
    TLS session ticket:
    0000 - f9 a4 98 94 f1 75 c3 78-26 03 ea e9 8d 71 11 22   .....u.x&....q."
    0010 - 66 f2 3f 13 ac ef bc d9-b9 49 68 02 bc d1 a1 a5   f.?......Ih.....
    0020 - 64 cb aa bb 9b 06 96 26-6f 41 bc c7 78 3e 03 fc   d......&oA..x>..
    0030 - 55 c0 1c 81 23 78 a2 bb-eb 79 66 ca ae 59 a7 57   U...#x...yf..Y.W
    0040 - c7 8e cd d3 22 0a 9b f5-5e b6 76 11 fc aa 5d be   ...."...^.v...].
    0050 - f7 57 41 b7 bd 66 7b f0-90 63 d7 62 b0 f3 e6 08   .WA..f{..c.b....
    0060 - db 6f 22 f6 ae d0 9e 92-b8 be 87 90 2f cb 8e 86   .o"........./...
    0070 - f0 74 cb 80 73 42 82 25-2f 4f 83 af 87 fc 01 09   .t..sB.%/O......
    0080 - c9 c5 d9 c8 2f 65 cf ae-7a 80 43 b8 78 05 c0 df   ..../e..z.C.x...
    0090 - fd 81 a2 39 bb f2 db b6-1c 36 0a 75 86 1e 23 42   ...9.....6.u..#B

    Start Time: 1622712610
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
    Max Early Data: 0
---
read R BLOCK
DONE

$ echo -n | openssl s_client -4 -connect files.pythonhosted.org:443
CONNECTED(00000003)
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2020
verify return:1
depth=0 CN = *.pythonhosted.org
verify return:1
---
Certificate chain
 0 s:CN = *.pythonhosted.org
   i:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2020
 1 s:C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2020
   i:OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgIQAbOmkcpu3Zik7We4fuNZVDANBgkqhkiG9w0BAQsFADBV
MQswCQYDVQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTErMCkGA1UE
AxMiR2xvYmFsU2lnbiBBdGxhcyBSMyBEViBUTFMgQ0EgMjAyMDAeFw0yMTAzMjIx
OTE4MDhaFw0yMjA0MjMxOTE4MDdaMB0xGzAZBgNVBAMMEioucHl0aG9uaG9zdGVk
Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMeHHF1hziNOVtT/
av2/NBGqxbVs5sorNGy5kZRy1UkxAPlnqDFAHwrTQwX3zzAOt0EVk72YylZ01Fpw
W0/21wx5IYD6l2nMO9DeNbJ+7NUxMsOtzUPNvkKcXh3nNmDH6OOA4JUlYGa5NStk
ya/oGwM1dnZ44znUr0giuMa7vPmOMaALOGEejehJweR8uJupxx6cuuW3yTjTtSl5
yyYzR3AW5HF8lrVRRkpnh5hFVvwYk6WzC7Xu2+h6cpnkNoQ3YPrzG+YZsNqdS64A
qhdSUCD9YxQ1YXNr7NmGA11bA0vXOKbXWNFH1XkAk7Pw5Klg0QcZx0tm1dJeLLW1
pf6SGusCAwEAAaOCA1kwggNVMB0GA1UdEQQWMBSCEioucHl0aG9uaG9zdGVkLm9y
ZzAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
MB0GA1UdDgQWBBRG9F9BouglvyxwuzQ8NkERZ6+9UDBWBgNVHSAETzBNMEEGCSsG
AQQBoDIBCjA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNv
bS9yZXBvc2l0b3J5LzAIBgZngQwBAgEwCQYDVR0TBAIwADCBmgYIKwYBBQUHAQEE
gY0wgYowPgYIKwYBBQUHMAGGMmh0dHA6Ly9vY3NwLmdsb2JhbHNpZ24uY29tL2Nh
L2dzYXRsYXNyM2R2dGxzY2EyMDIwMEgGCCsGAQUFBzAChjxodHRwOi8vc2VjdXJl
Lmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc2F0bGFzcjNkdnRsc2NhMjAyMC5jcnQw
HwYDVR0jBBgwFoAUQm1XLU8fJnd0pidk9oD6j0ho/nwwRgYDVR0fBD8wPTA7oDmg
N4Y1aHR0cDovL2NybC5nbG9iYWxzaWduLmNvbS9jYS9nc2F0bGFzcjNkdnRsc2Nh
MjAyMC5jcmwwggF7BgorBgEEAdZ5AgQCBIIBawSCAWcBZQB1AG9Tdqwx8DEZ2JkA
pFEV/3cVHBHZAsEAKQaNsgiaN9kTAAABeFtfgMAAAAQDAEYwRAIgDlDpR/h4WEVy
GnDftsO1VDzNN3iPVDqeRSNzOd94sIUCIELhWRt8mR0ti43gAjEhndFH0RH0pjq4
j8DRxhG6C3azAHUARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAF4
W1+AuAAABAMARjBEAiB6pGWfIf96OrAAbShgiGEGEd3IUkjl2JsYeM325DK0zQIg
LyE8YNhGlHMMDgkj2LVwg2P7eojp4yn4EWnUSh+n/MYAdQBRo7D1/QF5nFZtuDd4
jwykeswbJ8v3nohCmg3+1IsF5QAAAXhbX4FwAAAEAwBGMEQCIBRR1BPhQnIDjZuw
AGU5+Hx4pRv6plnZj91Jx/K98UILAiAi0Z+fhj97/KlYM1jkY8t8MheEDHjMRSno
lYWfG+pY0jANBgkqhkiG9w0BAQsFAAOCAQEAMieCFPqqYPEFHfeBeov+j7Hk/Re4
jBccUU0znIg3qte0OOS+5gEgpUnLoqhOuOEEYxOOafqZ4C/eWDF44wPi60X39Lbq
0WOdnYqtNaz6AEGej9F3Xg/vmTHOFY1aFi8domLhRJzYrXv7qhCkXJLBlqYw7kZC
vepp12J13CIWpdtZzCR3S7uqqaKoEYewNTAzD2KS/xnlSYK6kQLpdcsFeJ+zk/iR
nOS9lKLZgJY4YwbATIHRJyDHn7xgKGInhsviXcItO8JVLsQ7SFILTvoCOp7jsw/u
mMe0OGuFnNpAkzg/MFxdh6oO18rDnLTnNZ0YVp6eYgMoerwwxVZs1XrkEg==
-----END CERTIFICATE-----
subject=CN = *.pythonhosted.org

issuer=C = BE, O = GlobalSign nv-sa, CN = GlobalSign Atlas R3 DV TLS CA 2020

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 3497 bytes and written 409 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: B00348DB850043D5A12DD22FF033F556BBCB689617E3E0305582CFAB4381B149
    Session-ID-ctx: 
    Master-Key: 7B3C8DF4027A68308CB131319CEDB18A971346CA73758637B5A1F8D9DC12DF0E6881A0801A56E67E87233CD6D8C048B3
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:
    0000 - f9 a4 98 94 f1 75 c3 78-26 03 ea e9 8d 71 11 22   .....u.x&....q."
    0010 - e8 eb 5c 40 57 9c 3b ab-aa e2 38 86 52 3a 55 f0   ..\@W.;...8.R:U.
    0020 - f3 fe ac 22 e6 0d 6a 51-a1 0f 17 f5 09 8e 50 28   ..."..jQ......P(
    0030 - fd fc e6 9f 65 7e df 03-fc 8c 03 b9 32 99 98 73   ....e~......2..s
    0040 - ef 86 f2 7f bc 7c 3e 30-3a e7 72 78 e8 90 98 d8   .....|>0:.rx....
    0050 - db eb e6 14 64 a5 db 0a-14 63 49 cc 7e f2 73 6e   ....d....cI.~.sn
    0060 - 84 aa d4 70 cf 38 d8 00-69 78 a9 fd ee ca 08 11   ...p.8..ix......
    0070 - 04 b9 38 84 73 d7 fb e7-8c 79 a7 4d 85 68 85 41   ..8.s....y.M.h.A
    0080 - b4 dc 16 b5 86 80 72 2d-fb 51 7c 42 dd 12 07 39   ......r-.Q|B...9
    0090 - fc f2 eb 54 21 e4 3c 0b-81 cc fc f1 8f f9 cb e5   ...T!.<.........
    00a0 - f5 13 95 39 5e 43 a8 4a-16 df dd 62 f7 ea 57 18   ...9^C.J...b..W.
    00b0 - c9 1f 00 44 4f 50 4b 01-ce 5a e1 78 f1 6e 2c 00   ...DOPK..Z.x.n,.

    Start Time: 1622712636
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: yes
---
DONE

TLS Debug / IPv6 (If available)

$ echo -n | openssl s_client -6 -connect pypi.org:443

$ echo -n | openssl s_client -6 -connect files.pythonhosted.org:443

Code of Conduct

• [X] I agree to follow the PSF Code of Conduct

[arterrey]

testpypi is also giving me the same issue

[pradyunsg]

Has this been a recurring issue? If not, I'd imagine this was an intermittent issue with one of the providers.

[toasterparty]

This happened again today for 5-10 minutes.

[ewdurbin]

Closing as stale. If new issues arise we'll watch for new reports.