urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate ve rify failed (_ssl.c:661)>

[KathyShen]

Heads up!

We appreciate any bug reports or other contributions, but please note that this issue
tracker is only for this client library. We do not maintain the APIs that this client
library talks to. If you have an issue or questions with how to use a particular API,
you may be better off posting on Stackoverflow under the google-api tag. If you
are reporting an issue or requesting a feature for a G Suite API, please use their
public issue tracker

Thank you!

[KathyShen]

Hi I'm trying to generate report using Adword API. It was working fine on my local laptop (Windows 10). But when I deploy to the remote server (Windows Server 2012 R2), I'm getting below error message:

urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>

Checked my python and lib versions, don't think it's the version issue. Anyone can suggest what are the potential reason?
-- Python 2.7.13
-- google-api-python-client 1.6.5
-- pyOpenSSL 17.5.0

[theacodes]

Can you connect to google.com or googleapis.com with any other programs on that server (excluding web browsers)?

[KathyShen]

No, the server couldn't connect to the web. Are there any alternatives? Is it required for the API to work?

[KathyShen]

I could Ping google.com from the cmd

[theacodes]

ping is not the same as being able to establish a secure connection. The server needs to be able to access https://googleapis.com.

[dsoprea]

I'm getting reports of some users getting this error for one of my projects. Upon further investigation, it looks like the certificate of the server was probably very recently changed (within three weeks) and, very oddly (though not very relevantly), it looks to expire after just three months (May). It doesn't seem likely, but, if there was some way, some place that this could be cached, then this might explain the verification problem. This type of issue would've just started being observed three weeks ago.

dsoprea/GDriveFS#195

[MichaelJW]

I'm getting the same error but on my local machine, not on a server. I've set disable_ssl_certificate_validation=True in the internal http = httplib2.Http() call as a temporary fix.

Is there anything I can do to help diagnose the issue? @jonparrott, you asked about being able to connect to google.com and googleapis.com using other programs (excluding web servers), so I tried using openssl to connect (following these instructions).

Here are the (truncated) responses, first for googleapis.com:

.\openssl s_client -connect googleapis.com:443 -servername googleapis.com -showcerts | .\openssl x509 -text -noout
Loading 'screen' into random state - done
depth=1 /C=US/O=Google Trust Services/CN=Google Internet Authority G3
verify error:num=20:unable to get local issuer certificate
verify return:0
read:errno=0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            54:09:9a:41:c8:36:9f:a0
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Trust Services, CN=Google Internet Authority G3
        Validity
            Not Before: Feb 13 11:15:46 2018 GMT
            Not After : May  8 10:40:00 2018 GMT

...and for google.com:

.\openssl s_client -connect google.com:443 -servername google.com -showcerts | .\openssl x509 -text -noout
Loading 'screen' into random state - done
depth=2 /C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
read:errno=0
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            50:14:fa:c2:bd:63:57:aa
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
        Validity
            Not Before: Feb 20 14:17:23 2018 GMT
            Not After : May 15 14:08:00 2018 GMT

I don't know anything about diagnosing this kind of problem, I'm afraid, so any guidance would be welcome. I'm running Windows 10 Pro and have updated httplib2, google-api-python-client, and oauthlib to the latest versions since getting the error (which made no difference). The code was working fine last week and I've made no changes to it since then.

[theacodes]

Far and above the most common culprits here are outdated versions of OpenSSL and outdated CA certificates.

I would highly recommend trying with Python 3.6.2 from the official installer on windows (which will include a recent version of SSL). Barring that, you can try installing urllib3[secure] and using httplib2shim.

[theacodes]

You can also try installing requests[security] and seeing if you can make any request to https://googleapis.com from Python.

[jchappell82]

Just a comment that might help folks with this issue - I had this issue today on Ubuntu 16.04 and macOS, and the actual solution for me was that I had httplib2 pinned to an older release in the project I was working on.

A quick pip install --upgrade httplib2 (which only upgraded httplib2, no other dependencies) and then repinning my project to that version (0.10.3 as of this morning - and is within the allowed range of this library) resolved the issue. Really easy to miss if you're in the habit of creating a requirements.txt by doing a pip freeze > requirements.txt or something similar.

Hopefully this helps someone else who may be having the same issue.

[ghost]

This helped resolve my issue:
Thanks to the blog by Yifan Peng : http://blog.pengyifan.com/how-to-fix-python-ssl-certificate_verify_failed/

I added the below code:

import os, ssl
if (not os.environ.get('PYTHONHTTPSVERIFY', '') and
    getattr(ssl, '_create_unverified_context', None)): 
    ssl._create_default_https_context = ssl._create_unverified_context

[mcdonc]

For the record, this error is almost certainly due to the following combination of events:

• The certificate database of the operating system on which the script is run is outdated.

• You are running Python 2 >= 2.7.9 or Python 3 >= 3.4

In these versions of Python, SSL certificate verification is turned on by default (in previous versions, it was turned off by default). The solution is to update your OS' certificate database, which differs greatly per OS.

For more information:

https://www.python.org/dev/peps/pep-0476/

[MikioSuematsu]

I also encountered an error.

root@vega-pluto-nix-jobs-wvkgt:/var/app# bq show prd-analysis
BigQuery error in show operation: Cannot contact server. Please try again.
Traceback: Traceback (most recent call last):
File "/usr/lib/google-cloud-sdk/platform/bq/bigquery_client.py", line 681, in BuildApiClient
_, discovery_document = http.request(discovery_url)
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/oauth2client_4_0/transport.py", line 176, in new_request
redirections, connection_type)
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/oauth2client_4_0/transport.py", line 283, in request
connection_type=connection_type)
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/httplib2/__init__.py", line 1626, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/httplib2/__init__.py", line 1368, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/httplib2/__init__.py", line 1288, in _conn_request
conn.connect()
File "/usr/lib/google-cloud-sdk/platform/bq/third_party/httplib2/__init__.py", line 1082, in connect
raise SSLHandshakeError(e)
SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

version.

root@vega-pluto-nix-jobs-wvkgt:/var/app# python --version
Python 2.7.13
root@vega-pluto-nix-jobs-wvkgt:/var/app# openssl version
OpenSSL 1.0.2p  14 Aug 2018
root@vega-pluto-nix-jobs-wvkgt:/var/app# gcloud version
Google Cloud SDK 217.0.0
alpha 2018.09.17
beta 2018.09.17
bq 2.0.34
core 2018.09.17
gsutil 4.34
kubectl 2018.09.17

Once I enabled disable_ssl_validation.

[Georgiiliev]

Also when I enable disable_ssl_validation I get this error,

Traceback (most recent call last):
  File "/Users/georgi/Documents/2018-2019-Leerjaar-2/Python/getInfoKVK/venv/src/scraping.py", line 8, in <module>
    f = urllib.request.urlopen("https://www.mkb-bedrijvengids.nl/")
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 222, in urlopen
    return opener.open(url, data, timeout)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 531, in open
    response = meth(req, response)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 641, in http_response
    'http', request, response, code, msg, hdrs)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 569, in error
    return self._call_chain(*args)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 503, in _call_chain
    result = func(*args)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/urllib/request.py", line 649, in http_error_default
    raise HTTPError(req.full_url, code, msg, hdrs, fp)
urllib.error.HTTPError: HTTP Error 403: Forbidden

Is anyone familiar with this error ?

Fixed it by adding this.

    req = Request(
        'https://www.example.com/',
        headers={'User-Agent': 'Mozilla/5.0'})
    webpage = urlopen(req).read()
    s = webpage.decode('utf-8')

[JohannesKopetschke]

Hello,

I get the same error. This is my Script:
import urllib2

if name == 'main':
url = 'https://www.google.at'
response = urllib2.urlopen(url).read()
print response

Error:
Traceback (most recent call last):
File "/Users/jkopetschke/smartninja_2018/wd1_2018/python_00600_webscrapen/example_01707_scraping_get_webpage_exercise_solution.py", line 6, in
response = urllib2.urlopen(url).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 429, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 447, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 407, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1241, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1198, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)>

Does anyone know what the error is?

Cheers,
Johannes

[biranchi2018]

Why is it closed ? Is the issue resolved ?

[3ri4nG0ld]

in the link https://google.com we leave it as http and solved. At least that was my case :P