Error
SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain)')
Common Causes
-
Self-signed Certificates: The error explicitly mentions a “self-signed certificate in certificate chain”. This often happens when the server uses a self-signed certificate instead of one issued by a trusted Certificate Authority (CA).
-
Incomplete Certificate Chain: The server might not be sending the complete certificate chain, leading to verification failure.
-
Expired Certificates: If any certificate in the chain is expired, it can cause this error.
-
Outdated CA Certificates: If your local CA certificate store is outdated, it might not recognize valid certificates.
-
Man-in-the-Middle (MITM) Attacks: In rare cases, this could indicate an attempt to intercept your connection.
-
Misconfigured Server: The server might be improperly configured, sending the wrong certificate or an incomplete chain.
-
Corporate Proxies: Some corporate networks use SSL inspection, which can cause this error if not properly configured.
Solutions
1 - Verify the certificate
macOS / Linux
To retrieve SSL/TLS certificates on macOS or Linux, use the following OpenSSL command:
openssl s_client -showcerts -connect api.labelbox.com:443 </dev/null
Windows
(OpenSSL would need to be installed prior)
Use the command:
openssl s_client -showcerts -connect api.labelbox.com:443 < NUL
Those commands will:
- Connect to api.labelbox.com on port 443.
- Display all certificates in the certificate chain.
- Automatically exit after displaying the certificates.
2 - Depending on what the previous command returns you may need to adjust
Most commonly if this issue comes from a python version conflict or a system env dependency you can install pip-system-certs
pip install pip-system-certs