SSL: CERTIFICATE_VERIFY_FAILED, certificate has expired #1986
Comments
|
I have managed to circumvent the above problem in the following way:
Hope this helps anyone facing the same problem. |
|
Thank you for the report! I can reproduce this in one of my Windows machines but not on another and not in Ubuntu. Related discussion on MP forum: https://forum.micropython.org/viewtopic.php?f=15&t=11201 Another, possibly related discussion: https://borncity.com/win/2021/09/30/sept-30-2021-will-we-see-trouble-with-old-lets-encrypt-certificates/ Can you please check, whether your browser is happy with certificates of https://micropython.org/ (for example, in Chrome or Firefox click on the padlock left of the address bar). If you ask for detailed information, do you notice some warnings? |
|
Another, possibly relevant issue: certifi/python-certifi#162 |
|
As it turns out, Chrome considers the certificate of https://micropython.org/ as VALID, however, Firefox does not...! |
|
@Jan-Rekers it seems you have a proxy/middlebox that re-encrypts your internet traffic? micropython.org is signed by Let's Encrypt: https://crt.sh/?q=micropython.org |
|
@evgeni: I do use Bit Defender which might function as a proxy in Chrome. I am surprised that Chrome states that BitDefender did issue the certificate of MicroPython.org, while that is not the case. Still, it does. @aivarannamaa : is there a way to tell Thonny to trust LetsEncrypt as certificate issuer? Of would it be possible for MicroPython.org to use a real certificate authority instead of LetsEncrypt? Thanks for all the help up to now! Kind regards, Jan Rekers |
|
No, Thonny don't have means for tweaking the SSL operation. It must be fixed on OS side: https://bugs.python.org/issue45372 I'm at loss here. I tried suggestions given at https://community.letsencrypt.org/t/fixing-windows-installs-that-dont-receive-updates-to-their-trusted-roots/161162/28 but it didn't work for me. It looks like we're not the only ones who can't pinpoint the reason why some Windows instances are not properly updating their certificate stores. |
|
I finally got it solved by installing https://letsencrypt.org/certs/lets-encrypt-r3.der |
|
That has solved my problem! Thonny is now able to receive packages from micropython.org. Still, I do not really like the fact that I had to manually update the trusted root certificates on my computer because "someone on the internet suggested it"... I would have preferred a solution where windows itself would have updated its trusted root certificates. That is a windows issue, though. Many thanks for the extensive help! |
aivarannamaa
changed the title
|
Hi All, Is there a permanent fix for this on the horizon at anypoint? We use Thonny in a teaching lab, and are having multiple students running into this same issue with personal windows devices. As @Jan-Rekers pointed out manually downloading and updating a trusted certificate isn't really a fix, more of a hack with a number of potential security questions attached. All the best, Tom. |
I don't know how to fix it in Thonny as the problem is at the OS level. As a work-around I could switch off certification verification for micropython.org requests, but this isn't too elegant either. |
|
... I also considered switching to using certifi-s certificates, but the same problem occurs there as well: certifi/python-certifi#162 |
|
Can confirm, this fixed for me ( as listed above by another user ) : https://letsencrypt.org/certs/lets-encrypt-r3.der Windows 10, chrome for browser, updates are current as at 29/03/2022. |
|
It Works For me ! |
|
How exactly are you guys 'fixing' this? I downloaded the Cert and loaded it into both my computers Personal cert store, as well as into Firefox and neither worked, still getting the error. |
|
Hi all. In my Windows 10 PC, I was able to fix the error by running Thonny (v3.3.13) with Administrator privileges. After that, I was able to download the MicroPython firmware without errors. |
|
I can confirm I have this issue on windows 10. How about allowing users to bypass SSL errors with a tick box or something? |
|
This is still happening. In Administrator mode or not , no difference. maybe someone renew the SSL certs ... or? using thony 4.02 Windows 10. pico w. "Could not download variants info from https://raw.githubusercontent.com/thonny/thonny/master/data/micropython-variants-uf2.json Traceback (most recent call last): During handling of the above exception, another exception occurred: Traceback (most recent call last): |
|
Maybe this issue shouldn't have been closed? |
I have been trying to solve this issue for a couple of days. I found this, and it solved the problem. I can now add packages to Thonny again. I just signed up to GitHub to post my thanks. |
|
It seems this has risen from the dead. Oct 16, 2023
|
|
@TechCowboy, this error message differs from the one in the title of this thread. Which Thonny version are you using? Have you been able to install packages with the same Thonny installation before? |
|
I received this error with 4.1.3, and an earlier version (4.1.2?). I've
used Thonny for years and have no problems installing packages in the
past. This is with Windows 11.
The latest version available on Ubuntu is 3.3.14-1 and works fine.
…On Tue., Oct. 17, 2023, 04:09 Aivar Annamaa, ***@***.***> wrote:
@TechCowboy <https://github.com/TechCowboy>, this error message differs
from the one in the title of this thread. Which Thonny version are you
using? Have you been able to install packages with the same Thonny
installation before?
—
Reply to this email directly, view it on GitHub
<#1986 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAVXFDEBJHE2OCCTIAT2IADX7YVLXAVCNFSM5FHTS4VKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZWGU4DAMBWGA4Q>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
The Windows 11 was a fresh installation (format and clean install), so I
had not installed packages on this "new" machine before.
…On Tue, 17 Oct 2023 at 08:54, Norman Davie ***@***.***> wrote:
I received this error with 4.1.3, and an earlier version (4.1.2?). I've
used Thonny for years and have no problems installing packages in the
past. This is with Windows 11.
The latest version available on Ubuntu is 3.3.14-1 and works fine.
On Tue., Oct. 17, 2023, 04:09 Aivar Annamaa, ***@***.***>
wrote:
> @TechCowboy <https://github.com/TechCowboy>, this error message differs
> from the one in the title of this thread. Which Thonny version are you
> using? Have you been able to install packages with the same Thonny
> installation before?
>
> —
> Reply to this email directly, view it on GitHub
> <#1986 (comment)>,
> or unsubscribe
> <https://github.com/notifications/unsubscribe-auth/AAVXFDEBJHE2OCCTIAT2IADX7YVLXAVCNFSM5FHTS4VKU5DIOJSWCZC7NNSXTN2JONZXKZKDN5WW2ZLOOQ5TCNZWGU4DAMBWGA4Q>
> .
> You are receiving this because you were mentioned.Message ID:
> ***@***.***>
>
|
|
The Thonny with administration right and install of the certificates worked for me... |
I am new to user Thonny. I have installed version 3.3.13 on a Windows 10 machine, Windows is fully up to date.
On using Tools/Manage Packages I search for SSD1306 and get suggested the package micorpython-ssd1306 which is exactly what I was looking for.
Homepage: https://github.com/stlehmann/micropython-ssd1306
PyPI page: https://pypi.org/project/micropython-ssd1306/
However, on choosing this package I immediately get this error message:
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1091)>
I had a similar problem when I tried to switch Thonny to MicroPython (Raspberry Pi Pico). I could avoid that problem by dropping the file rp2-pico-20210902-v1.17.uf2 directly on the F: drive.
Is there a similar solution for the Install Package problem?
Thanks, Jan Rekers
The text was updated successfully, but these errors were encountered: