Introduction
SSL errors often occur when Python cannot verify a server’s TLS certificate. Requests to APIs or HTTPS sites fail with an exception. This post shows common causes and fixes on Windows.
What Is the Error?
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:…)
Python raises this in the ssl or requests library.
It means your client cannot find or trust the CA bundle.
Common Causes
- Missing or outdated CA certificates.
- Incorrect environment variable settings.
- Corporate proxy intercepting SSL.
- Python not locating the system’s CA store.
Solution 1: Install and Use Certifi
-
Install the
certifipackage.pip install certifi -
In your code, point
requeststo certifi’s bundle:import requests, certifi response = requests.get( "https://example.com", verify=certifi.where() ) print(response.status_code)
Solution 2: Set REQUESTS_CA_BUNDLE
-
Find the certifi path:
python -c "import certifi; print(certifi.where())" -
In PowerShell, set the env var for current session:
setx REQUESTS_CA_BUNDLE "<path-to-cacert.pem>" - Restart PowerShell or your editor.
- Now
requestsuses that bundle by default.
Solution 3: Set SSL_CERT_FILE on Windows
- Download a PEM file, e.g., from [curl.se/docs/caextract.html].
-
In PowerShell, add:
setx SSL_CERT_FILE "C:\path\to\cacert.pem" - Restart your terminal or IDE.
Solution 4: Bypass Verification (Not Recommended)
For quick tests only. Disables security checks.
import requests
response = requests.get("https://example.com", verify=False)
print(response.status_code)
Warning: This makes you vulnerable to MITM attacks.
Solution 5: Use verify Parameter Globally
You can configure verify for all sessions:
import requests
session = requests.Session()
session.verify = "C:\\path\\to\\cacert.pem"
resp = session.get("https://example.com")
print(resp.ok)
Conclusion
Always prefer a valid CA bundle. Use certifi or system certificates. Avoid disabling verification in production.
Leave a comment