Closed shelbyKiraM closed 9 years ago
It's an old problem. See https://github.com/rg3/youtube-dl/search?q=CERTIFICATE_VERIFY_FAILED&type=Issues&utf8=%E2%9C%93 for previous discussions.
--no-check-certificate
works. Thx. But, you can't fallback to that if it errors?
Post the full output with the --verbose
option. If you are not using Windows I would appreciate if you could post the output of wget https://www.youtube.com/watch\?v\=WBsyc139pvA
and curl -v https://www.youtube.com/watch\?v\=WBsyc139pvA > /dev/null
(to see if they also fail).
--no-check-certificate works. Thx. But, you can't fallback to that if it errors?
It's unsecure, and it seems to be required because of a misconfiguration.
wget https://www.youtube.com/watch\?v\=WBsyc139pvA
--2015-03-29 14:43:50-- https://www.youtube.com/watch?v=WBsyc139pvA
Resolving www.youtube.com... 216.58.192.14, 2607:f8b0:4005:801::200e
Connecting to www.youtube.com|216.58.192.14|:443... connected.
ERROR: cannot verify www.youtube.com's certificate, issued by 'CN=Google Internet Authority G2,O=Google Inc,C=US':
Unable to locally verify the issuer's authority.
To connect to www.youtube.com insecurely, use `--no-check-certificate'.
curl -v https://www.youtube.com/watch\?v\=WBsyc139pvA > /dev/null 5 ↵
* Hostname was NOT found in DNS cache
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 216.58.192.14...
* Trying 2607:f8b0:4005:801::200e...
* Immediate connect fail for 2607:f8b0:4005:801::200e: No route to host
* Connected to www.youtube.com (216.58.192.14) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
* Server certificate: *.google.com
* Server certificate: Google Internet Authority G2
* Server certificate: GeoTrust Global CA
> GET /watch?v=WBsyc139pvA HTTP/1.1
> User-Agent: curl/7.37.1
> Host: www.youtube.com
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Sun, 29 Mar 2015 21:44:57 GMT
* Server gwiseguy/2.0 is not blacklisted
< Server: gwiseguy/2.0
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
< Cache-Control: no-cache
< Content-Type: text/html; charset=utf-8
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< Expires: Tue, 27 Apr 1971 19:44:06 EST
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: YSC=Iwm-_Uh8BVA; path=/; domain=.youtube.com; HttpOnly
< Set-Cookie: VISITOR_INFO1_LIVE=gr55qLcKQb4; expires=Sat, 28-Nov-2015 09:37:57 GMT; path=/; domain=.youtube.com; HttpOnly
< Alternate-Protocol: 443:quic,p=0.5
< Accept-Ranges: none
< Vary: Accept-Encoding
< Transfer-Encoding: chunked
<
{ [data not shown]
100 182k 0 182k 0 0 96317 0 --:--:-- 0:00:01 --:--:-- 96327
* Connection #0 to host www.youtube.com left intact
youtube-dl https://www.youtube.com/watch\?v\=WBsyc139pvA -v
[debug] System config: []
[debug] User config: []
[debug] Command-line args: [u'https://www.youtube.com/watch?v=WBsyc139pvA', u'-v']
[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2015.03.24
[debug] Python version 2.7.9 - Darwin-14.3.0-x86_64-i386-64bit
[debug] exe versions: ffmpeg 2.6.1, ffprobe 2.6.1
[debug] Proxy map: {}
[youtube] WBsyc139pvA: Downloading webpage
ERROR: Unable to download webpage: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)> (caused by URLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'),))
File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 314, in _request_webpage
return self._downloader.urlopen(url_or_request)
File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 1673, in urlopen
return self._opener.open(req, timeout=self._socket_timeout)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 695, in https_open
req, **kwargs)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
If you install openssl with hombrew (it should probably be already installed by wget and python), what happens if you run export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem
first?
17:38:04 user@Daedalus.local Downloads export SSL_CERT_FILE=/usr/local/etc/openssl/cert.pem
17:38:18 user@Daedalus.local Downloads youtube-dl https://www.youtube.com/watch\?v\=WBsyc139pvA --verbose
[debug] System config: []
[debug] User config: []
[debug] Command-line args: [u'https://www.youtube.com/watch?v=WBsyc139pvA', u'--verbose']
[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2015.03.24
[debug] Python version 2.7.9 - Darwin-14.3.0-x86_64-i386-64bit
[debug] exe versions: ffmpeg 2.6.1, ffprobe 2.6.1
[debug] Proxy map: {}
[youtube] WBsyc139pvA: Downloading webpage
ERROR: Unable to download webpage: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)> (caused by URLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'),))
File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 314, in _request_webpage
return self._downloader.urlopen(url_or_request)
File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 1673, in urlopen
return self._opener.open(req, timeout=self._socket_timeout)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(_args)
File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 695, in https_open
req, *_kwargs)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
Can reproduce this on Mac OS X, latest version of System, and the latest version of youtube-dl.
$ youtube-dl https://www.youtube.com/watch\?v\=7NZ9X9A2efA -v
[debug] System config: []
[debug] User config: []
[debug] Command-line args: [u'https://www.youtube.com/watch?v=7NZ9X9A2efA', u'-v']
[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8
[debug] youtube-dl version 2015.03.28
[debug] Python version 2.7.9 - Darwin-14.3.0-x86_64-i386-64bit
[debug] exe versions: none
[debug] Proxy map: {}
[youtube] 7NZ9X9A2efA: Downloading webpage
ERROR: Unable to download webpage: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)> (caused by URLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)'),))
File "/usr/local/bin/youtube-dl/youtube_dl/extractor/common.py", line 314, in _request_webpage
return self._downloader.urlopen(url_or_request)
File "/usr/local/bin/youtube-dl/youtube_dl/YoutubeDL.py", line 1673, in urlopen
return self._opener.open(req, timeout=self._socket_timeout)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/local/bin/youtube-dl/youtube_dl/utils.py", line 695, in https_open
req, **kwargs)
File "/usr/local/Cellar/python/2.7.9/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
SSL_CERT_FILE
environment variable already exported:
$ echo $SSL_CERT_FILE
/usr/local/etc/openssl/cert.pem
Can use --no-check-certificate
to download the video, but wonder what is going wrong with the certs.
Thanks in advance for your reply.
Found a solution:
Manually install ca-cert, then export this cert as an environment variable
A script to install certs: https://gist.github.com/1stvamp/2158128
and then export SSL_CERT_FILE="/usr/share/curl/ca-bundle.crt"
in your .bashrc
@izzyleung note that on that the script ca-cert is downloaded over http, probably not the most secure option.
@jaimeMF Yep, thanks for mentioning that.
And, just wonder why I have to manually install the certs rather than just use the system default. :-(
@blacRose @jaimeMF
Found out the solution, I think it might be the problem of the certs installed by brew's openssl, they might be expired.
Just force uninstall openssl by brew remove openssl
, then rm -rf /usr/local/etc/openssl
.
Finally, reinstall openssl by brew install openssl
, it will reinstall the certs for you, and now youtube-dl should work fine without --no-check-certificate
and you don't have to export the environment variable.
Link to the solution: https://github.com/Homebrew/homebrew/issues/38800
You guys can also add this solution to README of this project to remind those who have the certificate problem.
Problem and temporary workaround detailed below for via Homebrew installations. This isn't a solution, just a dirty hack until OpenSSL do something with the upstream bug report, or Apple do something with the cert situation.
https://github.com/Homebrew/homebrew/issues/38800#issuecomment-94213956 https://github.com/Homebrew/homebrew/pull/38495 https://github.com/Homebrew/homebrew/issues/38491
Thanks for finding the "solution", I'm closing the issue. Feel free to submit a PR adding it to the FAQ
This solved the problem for me, thank you!
brew uninstall --force openssl
brew install openssl
You shouldn't need to force removal of the existing OpenSSL first - Just brew update && brew reinstall openssl
.
Just confirming that I had this problem and the solution to do this worked:
brew update && brew reinstall openssl
please help me remove the same error in Ubuntu. I have tried uninstalling openssl using apt-get.
Is this relevant for SSL Certificate failure in Win 7, using youtube-dl updated 18 Dec, and also using youtube-dl-GUI-0.3.7-win? The GUI always fails, the command line only sometimes.
Things are different on Windows and Unix-like systems. See #7309 for more information. Especially, @skarp7c1 provides a possible solution in https://github.com/rg3/youtube-dl/issues/7309#issuecomment-165327967.
How do you fix this in Windows and Chocolatey? I already have
SSL_CERT_FILE=C:\ruby200\cacert.pem
Which I got from http://curl.haxx.se/ca/cacert.pem
If I got it right Chocolatey uses official Windows installers from python.org, so you need to do the same - delete expired CA certificates.
What do you mean "delete expired CA certificates"? It's just a text file. Which certificate? They are all encoded. I don't feel like decoding every one to find it's expiration date. I don't even have openssl installed in Windows.
See #7309 for detailed steps. Note that @skarp7c1's approach (install Google's new certificate) is incorrect. You should remove invalid certificates instead of add new ones.
This can also happen if you have something set as your LD_LIBRARY_PATH
.
For example exporting plex's lib path...
export LD_LIBRARY_PATH=/usr/lib/plexmediaserver:$LD_LIBRARY_PATH
Causes similar errors. Sorry to bounce up an old bug, couldn't find a useful place to put this as it may be helpful for someone else.
@outhud: remove the broken OpenSSL installation in /usr/local (1.1.1-dev) and rebuild Python if necessary
Found a solution:
Manually install ca-cert, then export this cert as an environment variable
A script to install certs: https://gist.github.com/1stvamp/2158128
and then
export SSL_CERT_FILE="/usr/share/curl/ca-bundle.crt"
in your.bashrc
Worked for me.
Found a solution:
Manually install ca-cert, then export this cert as an environment variable
A script to install certs: https://gist.github.com/1stvamp/2158128
and then
export SSL_CERT_FILE="/usr/share/curl/ca-bundle.crt"
in your.bashrc
I used this method , and it's worked!
Possible solution for iOS: https://github.com/ytdl-org/youtube-dl/issues/31747#issuecomment-2038348714