HTTPS requests failing due to missing certs?

[dae]

https://forums.ankiweb.net/t/error-message-when-trying-to-add-images-to-cards/21484
https://forums.ankiweb.net/t/could-not-find-a-suitable-tls-ca-certificate-bundle-started-appearing-around-2-1-54/21498

[darrenburns]

I got the same issue while trying to install AnkiConnect.

Checked my file system and can confirm the PEM file mentioned in the dialog box doesn't exist at all.

I can reproduce consistently, if you'd like me to send over logs or anything let me know where they are and I can do so.

OS: MacOS 12.3.1
Anki Version: ⁨2.1.54 (b6a7760)⁩, Python 3.9.7 Qt 6.3.1 PyQt 6.3.1

[dae]

I have not been able to reproduce the issue, and I suspect it's only affecting a small group of users, or there would have been more reports by now.

In the debug console, please run the following and paste what is shown (checking the output for anything sensitive like your full name first)

import certifi, pprint
pp(certifi.where())
pprint.pprint(dict(os.environ))

https://docs.ankiweb.net/misc.html#debug-console

[suili]

I have the same problem when pasting images from the Internet. It goes away for a while whenever I re-open Anki, but it starts happening after my Anki has been running for a day or two, I'm not sure about the exact duration.

Here's my error message

Error
An error occurred. Please start Anki while holding down the shift key, which will temporarily disable the add-ons you have installed.
If the issue only occurs when add-ons are enabled, please use the Tools > Add-ons menu item to disable some add-ons and restart Anki, repeating until you discover the add-on that is causing the problem.
When you've discovered the add-on that is causing the problem, please report the issue to the add-on author.
Debug info:
Anki 2.1.54 (b6a7760c) Python 3.9.7 Qt 5.14.1 PyQt 5.14.1
Platform: Mac 10.15.7
Flags: frz=True ao=True sv=3
Add-ons, last update check: 2022-08-15 06:28:30

Could not find a suitable TLS CA certificate bundle, invalid path: /var/folders/1s/pcl12wcn09b__l_b1f4b8mcw0000gn/T/tmpb2986eu7cacert.pem
Traceback (most recent call last):
  File "aqt.webview", line 42, in cmd
  File "aqt.webview", line 149, in _onCmd
  File "aqt.webview", line 624, in _onBridgeCmd
  File "aqt.editor", line 467, in onBridgeCmd
  File "aqt.editor", line 945, in onPaste
  File "aqt.editor", line 1204, in onPaste
  File "aqt.editor", line 1201, in _onPaste
  File "aqt.editor", line 925, in doPaste
  File "aqt.editor", line 914, in _pastePreFilter
  File "aqt.editor", line 849, in _retrieveURL
  File "anki.httpclient", line 64, in get
  File "requests.sessions", line 542, in get
  File "requests.sessions", line 529, in request
  File "requests.sessions", line 645, in send
  File "requests.adapters", line 417, in send
  File "requests.adapters", line 228, in cert_verify
OSError: Could not find a suitable TLS CA certificate bundle, invalid path: /var/folders/1s/pcl12wcn09b__l_b1f4b8mcw0000gn/T/tmpb2986eu7cacert.pem

and here's my debug console output

>>> import certifi, pprint
... pp(certifi.where())
... pprint.pprint(dict(os.environ))
'/var/folders/1s/pcl12wcn09b__l_b1f4b8mcw0000gn/T/tmpb2986eu7cacert.pem'
{'DISPLAY': '/private/tmp/com.apple.launchd.AZG7GkihAk/org.xquartz:0',
 'HOME': '/Users/sui',
 'LIBOVERLAY_SCROLLBAR': '0',
 'LOGNAME': 'sui',
 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin:/Library/TeX/texbin',
 'PLATFORM': 'mac:10.15.7',
 'QTWEBENGINE_DICTIONARIES_PATH': '/Users/sui/Library/Application '
                                  'Support/Anki2/dictionaries',
 'QT_ENABLE_HIGHDPI_SCALING': '1',
 'QT_SCALE_FACTOR': '1.0',
 'QT_SCALE_FACTOR_ROUNDING_POLICY': 'PassThrough',
 'SHELL': '/bin/zsh',
 'SSH_AUTH_SOCK': '/private/tmp/com.apple.launchd.wPeIfG7Kre/Listeners',
 'TERMINFO_DIRS': '/usr/share/terminfo',
 'TMPDIR': '/var/folders/1s/pcl12wcn09b__l_b1f4b8mcw0000gn/T/',
 'USER': 'sui',
 'XPC_FLAGS': '0x0',
 'XPC_SERVICE_NAME': 'net.ankiweb.dtop.27380',
 '__CF_USER_TEXT_ENCODING': '0x1F5:0x0:0x0'}

[dae]

Could it be 3 days? macOS apparently cleans the temp folder after files haven't been accessed in 3 days.

[H4nYolo]

I'm having the same problem. Installed it today on a mac book pro m1 max

[H4nYolo]

ok, it magically disappeared after installing it a 2nd time by overwriting the first installation

[RobertBolender]

Could it be 3 days? macOS apparently cleans the temp folder after files haven't been accessed in 3 days.

For anyone else finding this issue in future from a web search:
It appears that this error occurs when triggering a https request in an instance of Anki that has been open on MacOS for more than 3 days. In my particular case, I was attempting to paste an image into a new card.

I didn't have to reinstall, only had to close and re-open Anki.

[User104020]

I'm having the same problem. Installed it today on a mac book pro m1 max

I'm also on a new M1 MacBook Pro, same issue. I need smart computer people to help me :(

[RobertBolender]

I need smart computer people to help me :(

@LucasFrench, did you try exiting Anki and re-opening it? It's classic computer advice for a reason, it worked for me!

[nouro54]

@RobertBolender
Exiting Anki and re-opening it didnt work for me :(
This is my error message:

One or more errors occurred:

1771074083: Please check your internet connection. HTTPSConnectionPool(host='ankiweb.net', port=443): Max retries exceeded with url: /shared/download/1771074083?v=2.1&p=54 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

OS: MacOS 12.5.1
Version ⁨2.1.49 (dc80804)⁩
Python 3.8.6 Qt 5.14.2 PyQt 5.14.2

[nouro54]

When I wrote that in the debug console this was the output:

import certifi, pprint
... pp(certifi.where())
... pprint.pprint(dict(os.environ))
'/Applications/Anki.app/Contents/MacOS/certifi/cacert.pem'
{'COMMAND_MODE': 'unix2003',
'HOME': removed for privacy',
'LIBOVERLAY_SCROLLBAR': '0',
'LOGNAME': 'oubenaline',
'PATH': '/Applications/Anki.app/Contents/MacOS:/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin:/Library/TeX/texbin',
'PLATFORM': 'mac:10.16',
'QML2_IMPORT_PATH': '/Applications/Anki.app/Contents/MacOS/PyQt5/Qt/qml',
'QTWEBENGINEPROCESS_PATH': '/Applications/Anki.app/Contents/Resources/QtWebEngineProcess.app/Contents/MacOS/QtWebEngineProcess',
'QTWEBENGINE_DICTIONARIES_PATH': '/Users/oubenaline/Library/Application '
'Support/Anki2/dictionaries',
'QT_ENABLE_HIGHDPI_SCALING': '1',
'QT_PLUGIN_PATH': '/Applications/Anki.app/Contents/MacOS/PyQt5/Qt/plugins',
'QT_SCALE_FACTOR': '1.0',
'QT_SCALE_FACTOR_ROUNDING_POLICY': 'PassThrough',
'SHELL': '/bin/bash',
'SSH_AUTH_SOCK': '/private/tmp/com.apple.launchd.CBycNbxskN/Listeners',
'SSL_CERT_FILE': '/Applications/Anki.app/Contents/MacOS/certifi/cacert.pem',
'TMPDIR': '/var/folders/_x/q_c8mxkx3xv8f42vm4yv3smnbpx9j2/T/',
'USER': 'oubenaline',
'XPC_FLAGS': '0x0',
'XPC_SERVICE_NAME': 'application.net.ankiweb.dtop.1409860.1409913',
'__CFBundleIdentifier': 'net.ankiweb.dtop',
'__CF_USER_TEXT_ENCODING': '0x576EA622:0x0:0x0'}

[User104020]

@RobertBolender That didn't work for me, but turning off several of my add-ons worked. I'll just have to manage without them.

[dae]

@nouro54 In your case, SSL_CERT_FILE is set, and that may be causing the problem. Can you reproduce the issue in the latest Anki version?

[nouro54]

I have not been able to reproduce the issue in the latest version of Anki.

[searene]

I fixed this problem by closing and reopening Anki.

[Malam9]

EDIT: A few minutes after this, the issue resolved

Same issue on 2.1.54 QT5. Here's my output:

>>> import certifi, pprint ... pp(certifi.where()) ... pprint.pprint(dict(os.environ)) 'C:\\Users\\User\\AppData\\Local\\Temp\\tmpzph61oz5cacert.pem' {'ALLUSERSPROFILE': 'C:\\ProgramData', 'APPDATA': 'C:\\Users\\User\\AppData\\Roaming', 'CHOCOLATEYINSTALL': 'C:\\ProgramData\\chocolatey', 'CHOCOLATEYLASTPATHUPDATE': '132538326541769488', 'COMMONPROGRAMFILES': 'C:\\Program Files\\Common Files', 'COMMONPROGRAMFILES(X86)': 'C:\\Program Files (x86)\\Common Files', 'COMMONPROGRAMW6432': 'C:\\Program Files\\Common Files', 'COMPUTERNAME': 'DESKTOP-O76VAMB', 'COMSPEC': 'C:\\WINDOWS\\system32\\cmd.exe', 'CONDA': 'C:\\ProgramData\\Anaconda3\\Scripts', 'DOWNLOADFILESTATUS': '404', 'DRIVERDATA': 'C:\\Windows\\System32\\Drivers\\DriverData', 'FPS_BROWSER_APP_PROFILE_STRING': 'Internet Explorer', 'FPS_BROWSER_USER_PROFILE_STRING': 'Default', 'HOMEDRIVE': 'C:', 'HOMEPATH': '\\Users\\User', 'JD2_HOME': 'C:\\Users\\User\\AppData\\Local\\JDownloader 2.0', 'LIBOVERLAY_SCROLLBAR': '0', 'LOCALAPPDATA': 'C:\\Users\\User\\AppData\\Local', 'LOGONSERVER': '\\\\DESKTOP-O76VAMB', 'NUMBER_OF_PROCESSORS': '8', 'ONEDRIVE': 'C:\\Users\\User\\OneDrive', 'OS': 'Windows_NT', 'PATH': 'C:\\Program Files\\Anki\\lib\\PyQt5\\Qt5\\bin;C:\\Program Files ' '(x86)\\Common Files\\Oracle\\Java\\javapath;C:\\Program ' 'Files\\Python36\\Scripts\\;C:\\Program ' 'Files\\Python36\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\System32\\OpenSSH\\;C:\\Program ' 'Files\\Wolfram Research\\WolframScript\\;C:\\Program ' 'Files\\dotnet\\;C:\\Program Files\\PuTTY\\;C:\\Program ' 'Files\\nodejs\\;C:\\ProgramData\\chocolatey\\bin;C:\\Program ' 'Files\\Git\\cmd;C:\\Users\\User\\AppData\\Roaming\\npm;C:\\Program ' 'Files\\Microsoft Windows Performance Toolkit\\;C:\\Program Files ' '(x86)\\Pulse Secure\\VC142.CRT\\X64\\;C:\\Program Files (x86)\\Pulse ' 'Secure\\VC142.CRT\\X86\\;C:\\Program ' 'Files\\Amazon\\AWSCLIV2\\;C:\\Program ' 'Files\\Pandoc\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\System32\\OpenSSH\\;C:\\Program ' 'Files\\Wolfram Research\\WolframScript\\;C:\\Program ' 'Files\\dotnet\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\System32\\OpenSSH\\;C:\\Program ' 'Files\\Wolfram Research\\WolframScript\\;C:\\Program ' 'Files\\dotnet\\;C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINDOWS\\System32\\Wbem;C:\\WINDOWS\\System32\\WindowsPowerShell\\v1.0\\;C:\\WINDOWS\\System32\\OpenSSH\\;C:\\Program ' 'Files\\Wolfram Research\\WolframScript\\;C:\\Program ' 'Files\\dotnet\\;C:\\Users\\User\\AppData\\Local\\Microsoft\\WindowsApps;C:\\Python34\\Scripts;C:\\Program ' 'Files\\Python38\\Scripts;C:\\Users\\User\\AppData\\Roaming\\Python\\Python38\\Scripts;C:\\Users\\User\\AppData\\Local\\Google\\Cloud ' 'SDK\\google-cloud-sdk\\bin;C:\\Users\\User\\AppData\\Roaming\\npm;C:\\Program ' 'Files\\heroku\\bin;C:\\Users\\User\\AppData\\Local\\Programs\\MiKTeX\\miktex\\bin\\x64\\;C:\\Users\\User\\AppData\\Roaming\\Python\\Python36\\Scripts;;C:\\Program ' 'Files\\Anki\\lib\\pywin32_system32', 'PATHEXT': '.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC;.PY;.PYW', 'PLATFORM': 'win:10', 'PROCESSOR_ARCHITECTURE': 'AMD64', 'PROCESSOR_IDENTIFIER': 'Intel64 Family 6 Model 60 Stepping 3, GenuineIntel', 'PROCESSOR_LEVEL': '6', 'PROCESSOR_REVISION': '3c03', 'PROGRAMDATA': 'C:\\ProgramData', 'PROGRAMFILES': 'C:\\Program Files', 'PROGRAMFILES(X86)': 'C:\\Program Files (x86)', 'PROGRAMW6432': 'C:\\Program Files', 'PSMODULEPATH': 'C:\\Users\\User\\Documents\\WindowsPowerShell\\Modules;C:\\Users\\User\\AppData\\Local\\Google\\Cloud ' 'SDK\\google-cloud-sdk\\platform\\PowerShell', 'PUBLIC': 'C:\\Users\\Public', 'QTWEBENGINE_DICTIONARIES_PATH': 'C:\\Users\\User\\AppData\\Roaming\\Anki2\\dictionaries', 'QT_ENABLE_HIGHDPI_SCALING': '1', 'QT_OPENGL': 'software', 'QT_QPA_PLATFORM': 'windows:altgr', 'QT_SCALE_FACTOR': '1.0', 'QT_SCALE_FACTOR_ROUNDING_POLICY': 'PassThrough', 'SESSIONNAME': 'Console', 'SYSTEMDRIVE': 'C:', 'SYSTEMROOT': 'C:\\WINDOWS', 'TEMP': 'C:\\Users\\User\\AppData\\Local\\Temp', 'TMP': 'C:\\Users\\User\\AppData\\Local\\Temp', 'USERDOMAIN': 'DESKTOP-O76VAMB', 'USERDOMAIN_ROAMINGPROFILE': 'DESKTOP-O76VAMB', 'USERNAME': 'User', 'USERPROFILE': 'C:\\Users\\User', 'WINDIR': 'C:\\WINDOWS'}

[reneroboter]

Could it be 3 days? macOS apparently cleans the temp folder after files haven't been accessed in 3 days.

I had the same problem. I rarely close the Anki application on my Mac 👍🏿

[leourbina]

Ran into the same issue just now. Re-opening it fixes the issue, but it seems like this is still an issue and should consider re-opening it.

[skadauke]

I'm having a similar issue on the newest Anki version on macOS (Apple Silicon) with updating addons and with AwesomeTTS API calls. Interestingly, syncing the collections works fine. Exiting and re-opening Anki didn't work for me. I'm wondering if there's something wrong with the cacert.pem file shipped with Anki?

Updating an addon:

874215009: Please check your internet connection. HTTPSConnectionPool(host='ankiweb.net', port=443): Max retries exceeded with url: /shared/download/874215009?v=2.1&p=231201 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

AwesomeTTS API call to Google Cloud:

AwesomeTTS: Could not play back blah: HTTPSConnectionPool(host='texttospeech.googleapis.com', port=443): Max retries exceeded with url: /v1/text:synthesize?key=XXXXXXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

Anki 23.12.1 (1a1d4d5) (ao)
Python 3.9.15 Qt 6.5.3 PyQt 6.5.3
Platform: macOS-13.6.2-arm64-arm-64bit

Debug console:

>>> import certifi, pprint, os
... pp(certifi.where())
... pp(dict(os.environ))

'/Applications/Anki.app/Contents/MacOS/../Resources/certifi/cacert.pem'
{'COMMAND_MODE': 'unix2003',
 'DISPLAY': '/private/tmp/com.apple.launchd.glSZHmpopC/org.xquartz:0',
 'HOME': '/Users/kadaukes',
 'LIBOVERLAY_SCROLLBAR': '0',
 'LOGNAME': 'kadaukes',
 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin:/Library/TeX/texbin',
 'PLATFORM': 'mac:13.6.2',
 'QTWEBENGINE_DICTIONARIES_PATH': '/Users/kadaukes/Library/Application '
                                  'Support/Anki2/dictionaries',
 'QT_SCALE_FACTOR': '1.0',
 'SHELL': '/usr/local/bin/fish',
 'SSH_AUTH_SOCK': '/private/tmp/com.apple.launchd.LvXBXh9DYT/Listeners',
 'TERMINFO_DIRS': '/usr/share/terminfo',
 'TMPDIR': '/var/folders/fx/t6f7jwf96vzdcdbw_sq9y22nvq8sry/T/',
 'USER': 'kadaukes',
 'XPC_FLAGS': '0x0',
 'XPC_SERVICE_NAME': 'application.net.ankiweb.dtop.173369039.173369640',
 '__CFBundleIdentifier': 'net.ankiweb.dtop',
 '__CF_USER_TEXT_ENCODING': '0x7774671E:0x0:0x0'}

[sheeeeep]

I'm having a similar issue on the newest Anki version on macOS (Apple Silicon) with updating addons and with AwesomeTTS API calls. Interestingly, syncing the collections works fine. Exiting and re-opening Anki didn't work for me. I'm wondering if there's something wrong with the cacert.pem file shipped with Anki?我在最新的macOS（Apple Silicon）上的Anki版本上遇到了类似的问题，无法更新插件和使用AwesomeTTS API。有趣的是，同步收藏功能正常工作。退出并重新打开Anki对我没有起作用。我想知道Anki附带的 cacert.pem 文件是否有问题？

Updating an addon: 更新插件

874215009: Please check your internet connection. HTTPSConnectionPool(host='ankiweb.net', port=443): Max retries exceeded with url: /shared/download/874215009?v=2.1&p=231201 (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

AwesomeTTS API call to Google Cloud:AwesomeTTS API调用到Google Cloud

AwesomeTTS: Could not play back blah: HTTPSConnectionPool(host='texttospeech.googleapis.com', port=443): Max retries exceeded with url: /v1/text:synthesize?key=XXXXXXX (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

Anki 23.12.1 (1a1d4d5) (ao) Python 3.9.15 Qt 6.5.3 PyQt 6.5.3 Platform: macOS-13.6.2-arm64-arm-64bit平台：macOS-13.6.2-arm64-arm-64位

Debug console: 调试控制台

>>> import certifi, pprint, os
... pp(certifi.where())
... pp(dict(os.environ))

'/Applications/Anki.app/Contents/MacOS/../Resources/certifi/cacert.pem'
{'COMMAND_MODE': 'unix2003',
 'DISPLAY': '/private/tmp/com.apple.launchd.glSZHmpopC/org.xquartz:0',
 'HOME': '/Users/kadaukes',
 'LIBOVERLAY_SCROLLBAR': '0',
 'LOGNAME': 'kadaukes',
 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin:/usr/texbin:/Library/TeX/texbin',
 'PLATFORM': 'mac:13.6.2',
 'QTWEBENGINE_DICTIONARIES_PATH': '/Users/kadaukes/Library/Application '
                                  'Support/Anki2/dictionaries',
 'QT_SCALE_FACTOR': '1.0',
 'SHELL': '/usr/local/bin/fish',
 'SSH_AUTH_SOCK': '/private/tmp/com.apple.launchd.LvXBXh9DYT/Listeners',
 'TERMINFO_DIRS': '/usr/share/terminfo',
 'TMPDIR': '/var/folders/fx/t6f7jwf96vzdcdbw_sq9y22nvq8sry/T/',
 'USER': 'kadaukes',
 'XPC_FLAGS': '0x0',
 'XPC_SERVICE_NAME': 'application.net.ankiweb.dtop.173369039.173369640',
 '__CFBundleIdentifier': 'net.ankiweb.dtop',
 '__CF_USER_TEXT_ENCODING': '0x7774671E:0x0:0x0'}

I encountered the same problem.

[dae]

Do you have any software on your machine that monitors/intercepts network connections? Are you using a work or school network that intercepts your connections? What does the following in Terminal.app print?

host ankiweb.net

[skadauke]

I figured out my SSL issues with Anki. On my computer, I have Netskope installed which intercepts HTTPS/SSL. I had to add the Netskope self-signed root certificate to the cacert.pem file of the certifi package that ships with the Anki app.

I used the following command to figure out what the relevant certificates are:

openssl s_client -showcerts -connect texttospeech.googleapis.com:443

And it gave me all certificates in the certificate chain as part of the output.

I then added the self-signed Netskope certificate to /Applications/Anki.app/Contents/Resources/certifi/cacert.pem. This is on macOS. I hope this helps others running into similar issues.