codecov cli fails SSL handshake with self-hosted while bash uploader does not #87
Description
summary
When trying to upload coverage XML files to a self-hosted codecov instance, the CLI fails to do so, while the bash uploader works. The CLI complains about retries, the server logs are telling me that the SSL handshake has failed.
Environment
tried locally
- version:
codecovcli, version 11.1.0 - os: MacOS ARM64, python3.13
Same issue experienced in GitHub Actions with the wrapper.
Self-hosted server:
- EC2 instance with Let's Encrypt SSL certificate
- everything is exposed on port 443 and the web interface works correctly
Steps to Reproduce
- deploy a self-hosted server using the docker-compose setup on an EC2 instance, point a domain to it, set up an SSL certificate with Let's Encrypt
- try uploading a pytest coverage XML:
./codecov --verbose --enterprise-url <my-URL> upload-coverage --disable-search --fail-on-error -t <my-token> -f coverage.xml
Instead of (2) try doing bash <(curl -s https://codecov.io/bash) -v -t <my-token> -u <my-URL> which then works.
Expected Result
The CLI to upload the results the same way as the bash uploader does.
Actual Result
in the CLI:
[...]
info - 2025-08-03 13:13:42,533 -- Found 1 coverage files to report
debug - 2025-08-03 13:13:42,533 -- Found 311 network files to report, (311 without filtering)
info - 2025-08-03 13:13:42,533 -- > [...]/coverage.xml
debug - 2025-08-03 13:13:42,533 -- Selected uploader to use: <class 'codecov_cli.services.upload.upload_sender.UploadSender'>
debug - 2025-08-03 13:13:42,534 -- Sending upload request to Codecov
warning - 2025-08-03 13:13:42,579 -- Request failed. Retrying --- {"retry": 0}
warning - 2025-08-03 13:13:43,109 -- Request failed. Retrying --- {"retry": 1}
warning - 2025-08-03 13:13:44,138 -- Request failed. Retrying --- {"retry": 2}
Traceback (most recent call last):
File "codecov_cli/main.py", line 100, in <module>
File "codecov_cli/main.py", line 96, in run
File "click/core.py", line 1161, in __call__
File "click/core.py", line 1082, in main
File "click/core.py", line 1697, in invoke
File "click/core.py", line 1443, in invoke
File "click/core.py", line 788, in invoke
File "click/decorators.py", line 33, in new_func
File "codecov_cli/commands/upload_coverage.py", line 86, in upload_coverage
File "click/core.py", line 788, in invoke
File "codecov_cli/services/upload_coverage/__init__.py", line 52, in upload_coverage_logic
File "codecov_cli/services/upload/__init__.py", line 138, in do_upload_logic
File "codecov_cli/services/upload/upload_sender.py", line 102, in send_upload_data
File "codecov_cli/helpers/request.py", line 82, in wrapper
Exception: Request failed after too many retries. URL: https://[...]/upload-coverage
[PYI-47115:ERROR] Failed to execute script 'main' due to unhandled exception!
At the same time on the self-hosted server I can see:
gateway-1 | 86.184.176.121:53656 [03/Aug/2025:12:13:42.574] ssl/2: SSL handshake failure (error:0A000418:SSL routines::tlsv1 alert unknown ca)
gateway-1 | 86.184.176.121:53657 [03/Aug/2025:12:13:43.105] ssl/2: SSL handshake failure (error:0A000418:SSL routines::tlsv1 alert unknown ca)
gateway-1 | 86.184.176.121:53658 [03/Aug/2025:12:13:44.133] ssl/2: SSL handshake failure (error:0A000418:SSL routines::tlsv1 alert unknown ca)
When done with the bash uploader, the report shows up as expected.