785

I am very new to Python and trying to > pip install linkchecker on Windows 7. Some notes:

  • pip install is failing no matter the package. For example, > pip install scrapy also results in the SSL error.
  • Vanilla install of Python 3.4.1 included pip 1.5.6. The first thing I tried to do was install linkchecker. Python 2.7 was already installed, it came with ArcGIS. python and pip were not available from the command line until I installed 3.4.1.
  • > pip search linkchecker works. Perhaps that is because pip search does not verify the site's SSL certificate.
  • I am in a company network but we do not go through a proxy to reach the Internet.
  • Each company computer (including mine) has a Trusted Root Certificate Authority that is used for various reasons including enabling monitoring TLS traffic to https://google.com. Not sure if that has anything to do with it.

Here are the contents of my pip.log after running pip install linkchecker:

Downloading/unpacking linkchecker
 Getting page https://pypi.python.org/simple/linkchecker/
 Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
 Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
 Getting page https://pypi.python.org/simple/
 Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
 Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
 Cannot fetch index base URL https://pypi.python.org/simple/
 URLs to search for versions for linkchecker:
 * https://pypi.python.org/simple/linkchecker/
 Getting page https://pypi.python.org/simple/linkchecker/
 Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
 Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
 Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
 Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
 File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
 status = self.run(options, args)
 File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
 requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
 File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
 url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
 File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
 raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

For this error message in your own code (using urllib, urllib2, requests etc. to attempt a connection using SSL), see urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error .

Karl Knechtel
61.3k14 gold badges131 silver badges193 bronze badges
asked Sep 22, 2014 at 19:25
5
  • 1
    Quite the opposite! Python 3.4.1 and earlier do not do certificate validation by default. If you were using Python 3.4.2, I would have thought that was the problem. (See issue 21013 and this thread on the mailing list. Note that that is the beginning of a pretty long thread.) Sorry I couldn't actually help! Commented Sep 26, 2014 at 14:51
  • 3
    Check if you have fiddler opened and close it. Fiddler try break SSL and this breaks pip, when I close fiddler pip works for me. When I close my fiddler everything goes ok Commented Jul 7, 2016 at 4:46
  • superuser.com/a/747127/13889 Commented Aug 9, 2016 at 21:27
  • You should reinstall Xcode command line tools that contains Python. stackoverflow.com/a/68247505/4067700 Commented Jul 5, 2021 at 8:41
  • This problem happens in linux when not using sudo inside a venv. (if anyone had this problem in linux) Commented Mar 18, 2022 at 10:57

65 Answers 65

1
2 3
1239

This solution is insecure and can lead to other issues like man-in-the-middle attacks. This was given as a solution where the issue is trying to access package repository behind corporate firewalls, and even then is unsafe. Please understand the security risks before considering this as a solution.

use trusted-host in either pip.conf or command line argument

You can ignore SSL errors by setting pypi.org and files.pythonhosted.org as well as the older pypi.python.org as trusted hosts.

$ pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org <package_name>

Note: Sometime during April 2018, the Python Package Index was migrated from pypi.python.org to pypi.org. This means "trusted-host" commands using the old domain no longer work, but you can add both.

Permanent Fix

Since the release of pip 10.0, you should be able to fix this permanently just by upgrading pip itself:

$ pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip setuptools

Or by just reinstalling it to get the latest version:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(... and then running get-pip.py with the relevant Python interpreter).

pip install <otherpackage> should just work after this. If not, then you will need to do more, as explained below.

You may want to add the trusted hosts and proxy to your config file.

pip.ini (Windows) or pip.conf (unix)

[global]
trusted-host = pypi.python.org
 pypi.org
 files.pythonhosted.org

Alternate Solutions (Less secure)

All of these answers shared to this question have a security risk associated with them, whether it is to disable SSL verification, add trusted domain, use self signed certificates, etc. Use this solution only if you are behind a corporate firewall and you understand that the risk are handled.

Two of the workarounds that help in installing most of the python packages with ease would be:

  • Using easy_install: if you are really lazy and don't want to waste much time, use easy_install <package_name>. Note that some packages won't be found or will give small errors.
  • Using Wheel: download the Wheel of the python package and use the pip command pip install wheel_package_name.whl to install the package.
miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Apr 20, 2015 at 15:13
Sign up to request clarification or add additional context in comments.

44 Comments

Your update got things going for me. In my case the corporate firewall inserts itself as the trusted host for SSL connections. I assumed proxy setup was wrong but adding verbose showed the issue was SSL. The index-url change worked around the issue.
Awesome, thx! The trusted-host seems to be sufficient, ie. pip install --trusted-host pypi.python.org pypi_package. Using --verbose shows that without --trusted-host, the HTTPS connection fails, whereas the same HTTPS connection is attempted (not HTTP) with --trusted-host but it succeeds.
Isn't using the HTTP version (and then even trusting it) also a security risk?
you can make it as short to ignore the --index-url parameter ,try this command also should be ok : pip install --trusted-host pypi.python.org pythonPackage
it does not work for me. Running mac os high sierra on a macbookpro 15" Python 2.7 pip 9.0.1 I Tried both: sudo -H pip install --trusted-host pypi.python.org numpy and sudo pip install --trusted-host pypi.python.org numpy it always gives me the same error: "There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661) - skipping Could not find a version that satisfies the requirement"
|
240
+25

Use the --cert argument:

You can specify a certificate with:

pip --cert <path/to/cert>.pem install <package list>

e.g.:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

Alternatively, you may set/export the environmental variable, as mentioned in the official docs export PIP_CERT=path/to/self-signed-cert.pem and then use pip without any special flags, i.e. pip install <package>

See: Docs » Reference Guide » pip

If specifying your company's root cert doesn't work maybe the cURL one will work: http://curl.haxx.se/ca/cacert.pem

You must use a PEM file and not a CRT file. If you have a CRT file you will need to convert the file to PEM There are reports in the comments that this now works with a CRT file but I have not verified.

Also check: SSL Cert Verification.

miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Sep 26, 2014 at 14:59

15 Comments

The Curl one IS secure. I would suggest using that.
@JeremyCook it could be the time on your server, if it is in the past it could be the verifying process
CRT format is not supported, only PEM format is. You will need to convert the CRT to PEM format using openssl. You should also verify that the bundle that you've downloaded contains the correct root CA. Please see my answer above for the details: stackoverflow.com/a/28724886/41957.
@endolith - Looking at pip.pypa.io/en/stable/user_guide/#configuration it looks like you can either use environment variables, or a pip.conf file to have them referenced permanently without specifying on the command
Works with .crt well now
|
205

Permanent fix - pip config

I had ssl issues due to company network security related to netscope. My machine is windows 10 with python 3.9 and the following command worked for me.

pip config set global.trusted-host \
 "pypi.org files.pythonhosted.org pypi.python.org" \
 --trusted-host=pypi.python.org \
 --trusted-host=pypi.org \
 --trusted-host=files.pythonhosted.org

Here, pip permanently trusted these sites, and now we can use them to download any packages.

miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Jun 1, 2021 at 22:42

14 Comments

Confirmed to work on recent Debian Linux, but should be x-platform.
Doesn't work on Win10
Works on Mac OSX (Ventura 13.2.1) + Netskope (101.1)
this works for my win10! thank you! for the guys that doesn't work, delete the \ in a notepad, and make above into a single line
You may need first to upgrade pip before this command is accepted : pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --upgrade pip
|
144

For me the problem was fixed by creating a folder pip, with a file: pip.ini in C:\Users\<username>\AppData\Roaming\ e.g:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

Inside it I wrote:

[global]
trusted-host = pypi.python.org
 pypi.org
 files.pythonhosted.org

I restarted python, and then pip permanently trusted these sites, and used them to download packages from.

If you can't find the AppData Folder on windows, write %appdata% in file explorer and it should appear.

answered Aug 24, 2018 at 14:24

10 Comments

Strangely this is not helping on my Win10 machine :/
At work, Windows 10 environment, using Cmder console emulator. --trusted-host used to resolve the "'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain" issue. Today it stopped working. I placed a copy of my pip folder (taken from ../AppData/Local/ ) in ../AppData/Roaming/ and all is right with my local python world again. Thanks much!
Great! Thank you very much. --trusted-host doesn't work for me now, but your solution helps.
Why wasn't this downloaded when installing Python>
One other location: %programdata%/pip/pip.ini
|
73

kenorb’s answer is very useful (and great!).
Among his solutions, maybe this is the most simple one: --trusted-host

For example, in this case you can do

pip install --trusted-host pypi.python.org linkchecker

The pem file(or anything else) is unnecessary.

answered Oct 24, 2016 at 7:50

2 Comments

This also works for other commands such as pip list --trusted-host pypi.python.org --outdated
@plhn now its working with pip install --trusted-host pypi.org your_package_name
59

I tried majority of the solutions provided in this answer blog, however none of them worked, I had this ssl certificant error as I try to install python packages.

I succeed by following command:

python -m pip install PACKAGENAME --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org
answered Oct 18, 2020 at 23:16

2 Comments

After lot of searching finally this did it. Turns out if you are on corporate network they sometimes mess with your SSL or certificates or could be something to do with firewall / proxy. Try with mobile hotspot or something if you have wi-fi adapter which also works for me.
I tried to upgrate pip and only this worked for me as well.
56

The answers are quite similar and a bit confusing. In my case, the certificates in my company's network was the issue. I was able to work around the problem using:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

As seen here. The -vvv argument can be omited if verbose output is not required

answered May 7, 2018 at 21:39

1 Comment

Works because today I am behind some proxy that strips out normal SSL. I don't normally need to specify trusted hosts when grown ups run the network.
47

Permanent Fix

pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org

For eg:

pip install <package name> --trusted-host pypi.org --trusted-host files.pythonhosted.org
answered May 6, 2019 at 17:17

4 Comments

Do not try this solution, it uninstall pip and even made I unable to reinstall pip
this solution is not working
<package name> should be python-certifi-win32
@scrollout, Please note that python-certifi-win32 has been replaced by pip-system-certs
33

The most straightforward way I've found, is to download and use the "DigiCert High Assurance EV Root CA" from DigiCert at https://www.digicert.com/digicert-root-certificates.htm#roots

You can visit https://pypi.python.org/ to verify the cert issuer by clicking on the lock icon in the address bar, or increase your geek cred by using openssl:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
 i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

The last CN value in the certificate chain is the name of the CA that you need to download.

For a one-off effort, do the following:

  1. Download the CRT from DigiCert
  2. Convert the CRT to PEM format
  3. Export the PIP_CERT environment variable to the path of the PEM file

(the last line assumes you are using the bash shell) before running pip.

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

To make this re-usable, put DigiCertHighAssuranceEVRootCA.crt somewhere common and export PIP_CERT accordingly in your ~/.bashrc.

answered Feb 25, 2015 at 16:53

2 Comments

Used your answer to export our company's root CA to the PIP_CERT variable and finally after trying everything else including 'pip --cert cert.pem' your way worked...just pip install package. BIG +1 - yeah we have a firewal/proxy/utm.
This still failed for me on Mac Mojave. I followed exactly the 3 steps and still I get "Error: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available". I tried all the --trusted-host and --cert options and pip will not work. I tried to upgrade pip and got the SSL error. I installed pip from scratch with curl and still I get the error when I run pip. Time to ditch pip and stick to conda :(
27

To solve this problem once and for all, you can verify that you have a pip.conf file.

This is where your pip.conf should be, according to the documentation:

On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.

On macOS the configuration file is $HOME/Library/Application Support/pip/pip.conf if directory $HOME/Library/Application Support/pip exists else $HOME/.config/pip/pip.conf

On Windows the configuration file is %APPDATA%\pip\pip.ini.

Inside a virtualenv:

On Unix and macOS the file is $VIRTUAL_ENV/pip.conf

On Windows the file is: %VIRTUAL_ENV%\pip.ini

Your pip.conf should look like:

[global]
trusted-host = pypi.python.org

pip install linkchecker installed linkchecker without complains after I created the pip.conf file.

answered Sep 25, 2017 at 17:23

5 Comments

$HOME/Library/Application Support/pip doesn't exist on my machine, is there an alternative location?
Looks like the pip user-guide has been updated since when I posted this answer. I updated my answer for macOS. Does it help?
Does not affect the SSL error on my Win10 machine :/
Does not fix the problem on MacOSX.
I am on macOS. If you installed python3 using brew then make sure you are using pip3 and create the pip.confas $HOME/.config/pip/pip.conf. I worked for me.
27

You've the following possibilities to solve issue with CERTIFICATE_VERIFY_FAILED:

  • Use HTTP instead of HTTPS (e.g. --index-url=http://pypi.python.org/simple/).

  • Use --cert <trusted.pem> or CA_BUNDLE variable to specify alternative CA bundle.

    E.g. you can go to failing URL from web-browser and import root certificate into your system.

  • Run python -c "import ssl; print(ssl.get_default_verify_paths())" to check the current one (validate if exists).

  • OpenSSL has a pair of environments (SSL_CERT_DIR, SSL_CERT_FILE) which can be used to specify different certificate databasePEP-476 .
  • Use --trusted-host <hostname> to mark the host as trusted.
  • In Python use verify=False for requests.get (see: SSL Cert Verification).
  • Use --proxy <proxy> to avoid certificate checks.

Read more at: TLS/SSL wrapper for socket objects - Verifying certificates.

answered Aug 24, 2016 at 13:30

2 Comments

From your first point, how do I specify HTTP with the pip command?
@rayzinnz I've added the example.
22
Set Time and Date correct!

For me, it came out that my date and time was misconfigured on Raspberry Pi. The result was that all SSL and HTTPS connections failed, using the https://files.pythonhosted.org/ server.

Update it like this:
sudo date -s "Wed Thu 23 11:12:00 GMT+1 2018"
sudo dpkg-reconfigure tzdata
Or directly with e.g. Google's time:

Ref.: https://superuser.com/a/635024/935136 

sudo date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
sudo dpkg-reconfigure tzdata
miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Aug 23, 2018 at 9:30

1 Comment

Been driving me crazy for hours -- thanks for that. The PI time was off by 10-days for me causing (it would appear) all kinds of errors during pip install.
16

All the solutions of adding pypi.org to trusted sites with --trusted-host is not safe, basically skipping https, not really fixing the problem.
Everyone which uses this approach, please try to update your cert this way and remove --trusted-host flag:

sudo yum -y update ca-certificates
export PIP_CERT=/etc/ssl/certs/ca-bundle.crt
miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Oct 15, 2020 at 8:51

Comments

14

I recently ran into this problem because of my company's web content filter that uses its own Certificate Authority so that it can filter SSL traffic. PIP doesn't seem to be using the system's CA certificates in my case, producing the error you mention. Downgrading PIP to version 1.2.1 presented its own set of problems later on, so I went back to the original version that came with Python 3.4.

My workaround is quite simple: use easy_install. Either it doesn't check the certs (like the old PIP version), or it knows to use the system certs because it works every time for me and I can still use PIP to uninstall packages installed with easy_install.

If that doesn't work and you can get access to a network or computer that doesn't have the issue, you could always setup your own personal PyPI server: how to create local own pypi repository index without mirror?

I almost did that until I tried using easy_install as a last ditch effort.

answered Dec 23, 2014 at 15:17

2 Comments

Same issue here. Another workaround is to export the company's root cert as a file and tell pip to use it with --cert MyCompanyRootCA.crt.
How to use easy_install?
14

TLDR:

pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org -r requirements.txt -vvv
pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org <packageName> -vvv

So, Having 30+ answers to the question already, but nothing was working for me in June 2020 (while in lockdown ).
all were given in different moments of past. I will try to make this answer work for all times in future. The problem is while pip installs package it tries to connect with host URL where package is stored and doesn't trust the URL while downloading it.

There are two ways we can solve this: Easy and non-secure: 1. check which URL is hit by pip to download the package.

pip install <packageName> -vvv

if you will carefully check the output, you will see it might be going to some URL like pypi.org or may be pypi.python.org.

if it is, just add trusted host option to the command like below:

pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org <packageName> -vvv

or if you are using requirements file:

pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org -r requirements.txt -vvv

Secure way:

Go to each of these URL and download their public cert (just google how to download), create a chain, store it as .pem file and run below command:

pip --cert YourPemFile.pem install <packageName>
answered Jun 19, 2020 at 11:25

1 Comment

this does not work for me: RUN pip install --trusted-host https://mirror-pypi.runflare.com -i https://mirror-pypi.runflare.com/simple/ --no-cache-dir -r requirements.txt
13

You can try to bypass the SSL error by using http instead of https. Of course this is not optimal in terms of security, but if you are in a hurry it should do the trick:

pip install --index-url=http://pypi.python.org/simple/ linkchecker
answered Oct 3, 2014 at 13:01

10 Comments

I was expecting your suggestion to work. Crazily I got the exact same errors including the first one Could not fetch URL http://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
Ok, so another workaround is downloading the tar.gz package available here pypi.python.org/pypi/LinkChecker/9.3 and the installing it with: pip install LinkChecker-9.3.tar.gz
But if the package you want to install has dependencies you have to download and install also all dependencies, if they are many this could become a nightmare.
For me, i had to download the whl (for my case pyserial) and install it. This picked up the dependencies that were not collected by the tar.gz... So, maybe whl is another option along the lines of @baxeico python -m pip install pyserial-3.4-py2.py3-none-any.whl For me none of this worked: 1. --cert cacert.pem 2. exporting company certificate, converting to PEM 3. easy_install in cygwin 4. --trusted-host
The now longs works as of 2017 -- HTTP access has been completely cut off. mail.python.org/pipermail/distutils-sig/2017-October/…
|
13

You have 4 options:

Using a certificate as parameter
$ pip install --cert /path/to/mycertificate.crt linkchecker
Using a certificate in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)
%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
cert = /path/to/mycertificate.crt
Ignoring certificate and using HTTP
$ pip install --trusted-host pypi.python.org linkchecker
Ignoring certificate and using HTTP in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)
%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
trusted-host = pypi.python.org
Source
miken32
42.6k16 gold badges127 silver badges176 bronze badges
answered Apr 20, 2018 at 15:44

Comments

11

The answers to use

pip install --trusted-host pypi.python.org <package>

work. But you'll have to check if there are redirects or caches pip is hitting. On Windows 7 with pip 9.0.1, I had to run

pip install \
 --trusted-host pypi.python.org \
 --trusted-host pypi.org \
 --trusted-host files.pythonhosted.org \
 <package>

You can find these with the verbose flag.

answered Apr 25, 2018 at 19:46

Comments

10

I installed pip 1.2.1 with easy_install and upgraded to latest version of pip (6.0.7 at the time) which is able to install packages in my case.

easy_install pip==1.2.1
pip install --upgrade pip
answered Feb 4, 2015 at 14:20

Comments

10

In my case it was due to SSL certificate being signed by internal CA of my company. Using workarounds like pip --cert did not help, but the following package did:

pip install pip_system_certs

See: https://pypi.org/project/pip-system-certs/

This package patches pip and requests at runtime to use certificates from the default system store (rather than the bundled certs ca).

This will allow pip to verify tls/ssl connections to servers who’s cert is trusted by your system install.

answered May 22, 2019 at 10:02

7 Comments

it seems need to install pip_sysem_certs to void the [SSL: CERTIFICATE_VERIFY_FAILED] error, the problem is, trying to install it got the [SSL: CERTIFICATE_VERIFY_FAILED] error...
This may have been a solution at some point in time, but pip_system_certs completely broke my Python environment, and for that reason this is not a good answer. Do not install pip_system_certs. See stackoverflow.com/questions/27835619/… for more information.
Set the proxy on your server and then run: 'C:\Windows\system32>curl bootstrap.pypa.io/get-pip.py -o get-pip.py --proxy proxyx:80'
This also worked for me and my work machine, I have not encountered any issues
@athos pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip pip_system_certs
|
9

First of all,

 pip install --trusted-host pypi.python.org <package name>

did not work for me. I kept getting the CERTIFICATE_VERIFY_FAILED error. However, I noticed in the error messages that they referenced the 'pypi.org' site. So, I used this as the trusted host name instead of pypi.python.org. That almost got me there; the load was still failing with CERTIFICATE_VERIFY_FAILED, but at a later point. Finding the reference to the website that was failing, I included it as a trusted host. What eventually worked for me was:

 pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>
answered Apr 23, 2018 at 16:50

1 Comment

Only your answer worked for me. Any idea how to specify the trusted host configuration in VS Code?
9

For Python 3.10

Add/update file with content

[global]
trusted-host = pypi.python.org
 pypi.org
 files.pythonhosted.org

file location

  1. MacOS - $HOME/Library/Application Support/pip/pip.conf

  2. Unix - $HOME/.config/pip/pip.conf

  3. Windows - %APPDATA%\pip\pip.ini

answered Apr 4, 2022 at 12:28

2 Comments

It worked for me on Win10 where I created a file manually on this location C:\ProgramData\pip\pip.ini
Solved for me (python 3.12). I had installed python via brew (which installs pip with it). For whatever reason, there was no directory at /Users/yourusername/Library/Application Support/pip, so I created one, added a file inside called pip.conf with the contents in your answer, opened a new terminal, and then pip install ... worked as expected.
7

I attempted with using the corporate proxy but it failed.

I'm using Python 3.6.

pip.conf file was missing.

Here are the steps to solve the issue:

  1. Install certificate package: -pip --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --trusted-host pypi.org install certifi

  2. Create a pip.conf file, as so:

 $ cd ~/.config 
 $ mkdir pip
 $ cd pip
 $ nano pip.conf

Add the following to the newly created .conf file, and save it.

[global]
trusted-host = pypi.python.org files.pythonhosted.org pypi.org pypi.io

All done and it started working.

Ian
3,9684 gold badges34 silver badges77 bronze badges
answered Feb 12, 2021 at 5:22

1 Comment

I had to figure out a few things to do this on Win10 but this answer got me to the solution when none of the others could. Thanks a ton!
6

Had the same problem trying pip install ftputil with ActivePython 2.7.8, ActivePython 3.4.1, and "stock" Python 3.4.2 on 64-bit Windows 7 Enterprise. All attempts failed with the same errors as OP.

Worked around the problem for Python 3.4.2 by downgrading to pip 1.2.1: easy_install pip==1.2.1 (see https://stackoverflow.com/a/16370731/234235). Same fix also worked for ActivePython 2.7.8.

The bug, reported in March 2013, is still open: https://github.com/pypa/pip/issues/829.

answered Oct 14, 2014 at 23:24

2 Comments

This worked for me as well. While it might seem like a bad idea in the first place to downgrade to an older version of pip, I was dealing with old django packages so the old pip version was actually matching with the other packages.
Issue 829 is now closed.
6

Nothing on this page worked for me until I used the --verbose option to see that it wanted to get to files.pythonhosted.org rather than pypi.python.org:

pip install --trusted-host files.pythonhosted.org <package_name>

So check the URL that it's actually failing on via the --verbose option.

answered Apr 19, 2018 at 0:18

1 Comment

This worked for me with minor change.
6

I'm not sure if this is related, but I had a similar problem which was fixed by copying these files from Anaconda3/Library/bin to Anaconda3/DLLs :

libcrypto-1_1-x64.dll

libssl-1_1-x64.dll

answered May 12, 2019 at 20:25

2 Comments

With Anaconda 2019.03 I have copied the following files from <Anaconda3 folder>/Library/bin to <Anaconda3>/DLLs libcrypto-1_1-x64.dll libcrypto-1_1-x64.pdb libssh2.dll libssl-1_1-x64.dll libssl-1_1-x64.pdb Then I add a ConnectTimeout error, so updated proxy configuration .condarc
Works. Man you're GENIUS! I've been roaming the forums for 1.5 hour, just to find this underestimated and simple solution.
5

One solution (for Windows) is to create a file called pip.ini on the %AppData%\pip\ folder (create the folder if it doesn't exist) and insert the following details:

[global]
cert = C:/certs/python_root.pem
proxy = http://my_user@my_company.com:my_password@proxy_ip:proxy_port

...and then we can execute the install instruction:

pip3 install PyQt5

Another option is to install the package using arguments for the proxy and certificate...

$ pip3 install --proxy http://my_user@my_company.com:my_password@proxy_ip:proxy_port \
 --cert C:/certs/python_root.pem PyQt5

To convert the certificate *.cer files to the required *.pem format execute the following instruction:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

Hope this helps someone!

slm
16.6k13 gold badges118 silver badges131 bronze badges
answered Apr 17, 2018 at 10:41

2 Comments

For other OS's, take a look at Alex-Antoine Fortin's answer
Didn't need the proxy, just the cert. I ran; pip3.6 config set global.cert '/<path>/server.crt'
5

Short Solution:

easy_install <package name>

For Example:

easy_install pandas

Alternate solution:

pip install <package_name> --trusted-host pypi.org --trusted-host files.pythonhosted.org

Example:

pip install pandas --trusted-host pypi.org --trusted-host files.pythonhosted.org
answered Jan 23, 2020 at 12:58

Comments

5

Just putting this here as I don't see any other mentioning it.

You can set globally trusted-host to pip like this:

py -m pip config set global.trusted-host pypi.org

and most importantly, it will return the right place where the pip.ini/pip.conf is put

answered Apr 21, 2021 at 18:35

Comments

4

I solved this problem by removing my pip and installing the older version of pip: https://pypi.python.org/pypi/pip/1.2.1

answered Oct 9, 2014 at 14:47

5 Comments

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review
@apomene how is OP supposed to include the essential parts of the answer here since it's a link to a binary file...?
@ThomasAyoub, i believe you already know, that the above message is auto filled from SO, when flagging an answer as only link answer
@apomene that doesn't answer my question, I still don't see what OP could/should add?
@ThomasAyoub, To elaborate further, my comment (SO) indicates that question is short and link only, meaning it could better be a comment. My intention was not to explicitly state that OP should add details regrading the link, but details on why this answers the question.
1
2 3

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.