By Jeremy Cook


2014-09-22 19:25:20 8 Comments

I am very new to Python and trying to > pip install linkchecker on Windows 7. Some notes:

  • pip install is failing no matter the package. For example, > pip install scrapy also results in the SSL error.
  • Vanilla install of Python 3.4.1 included pip 1.5.6. The first thing I tried to do was install linkchecker. Python 2.7 was already installed, it came with ArcGIS. python and pip were not available from the command line until I installed 3.4.1.
  • > pip search linkchecker works. Perhaps that is because pip search does not verify the site's SSL certificate.
  • I am in a company network but we do not go through a proxy to reach the Internet.
  • Each company computer (including mine) has a Trusted Root Certificate Authority that is used for various reasons including enabling monitoring TLS traffic to https://google.com. Not sure if that has anything to do with it.

Here are the contents of my pip.log after running pip install linkchecker:

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

29 comments

@Alex-Antoine Fortin 2017-09-25 17:23:26

To solve this problem once and for all, you can verify that you have a pip.conf file.

This is where your pip.conf should be, according to the documentation:

On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.

On macOS the configuration file is $HOME/Library/Application Support/pip/pip.conf if directory $HOME/Library/Application Support/pip exists else $HOME/.config/pip/pip.conf

On Windows the configuration file is %APPDATA%\pip\pip.ini.

Inside a virtualenv:

On Unix and macOS the file is $VIRTUAL_ENV/pip.conf

On Windows the file is: %VIRTUAL_ENV%\pip.ini

Your pip.conf should look like:

[global]
trusted-host = pypi.python.org

pip install linkchecker installed linkchecker without complains after I created the pip.conf file.

@sancelot 2018-03-13 07:54:15

or /etc/pip.conf on unix system wide ...

@42shadow42 2018-10-01 19:31:12

$HOME/Library/Application Support/pip doesn't exist on my machine, is there an alternative location?

@Alex-Antoine Fortin 2018-10-02 00:43:45

Looks like the pip user-guide has been updated since when I posted this answer. I updated my answer for macOS. Does it help?

@user2673238 2018-08-24 14:24:07

For me the problem was fixed by creating a folder pip, with a file: pip.ini in C:\Users\<username>\AppData\Roaming\ e.g:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

Inside it i wrote:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

I restarted python, and then pip permanently trusted these sites.

@Thomas Devoogdt 2018-08-23 09:30:24

Set Time and Date correct!

Mabey I'm a bit late to answer,

For me, it came out that my date and time was misconfigured on Raspberry Pi witch as result that all SSL and HTTPS connections failed with the https://files.pythonhosted.org/ server.

Update it like this:

    sudo date -s "Wed Aug  23 11:12:00 GMT+1 2018"
    dpkg-reconfigure tzdata

@SteveJ 2018-10-24 00:32:08

Been driving me crazy for hours -- thanks for that. The PI time was off by 10-days for me causing (it would appear) all kinds of errors during pip install.

@Vaulstein 2015-04-20 15:13:41

You can ignore SSL errors by setting pypi.org and files.pythonhosted.org as trusted hosts.

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

Note: Sometime during April 2018, the Python Package Index was migrated from pypi.python.org to pypi.org. This means "trusted-host" commands using the old domain no longer work.

Permanent Fix

Since the release of pip 10.0, you should be able to fix this permanently just by upgrading pip itself:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip setuptools

Or by just reinstalling it to get the latest version:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(… and then running get-pip.py with the relevant Python interpreter).

pip install <otherpackage> should just work after this. If not, then you will need to do more, as explained below.


You may want to add the trusted hosts and proxy to your config file.

pip.ini (Windows) or pip.conf (unix)

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

Alternate Solutions (Less secure)

Most of the answers could pose a security issue.

Two of the workarounds that help in installing most of the python packages with ease would be:

  • Using easy_install: if you are really lazy and don't want to waste much time, use easy_install <package_name>. Note that some packages won't be found or will give small errors.
  • Using Wheel: download the Wheel of the python package and use the pip command pip install wheel_package_name.whl to install the package.

@peater 2015-09-25 18:40:40

Your update got things going for me. In my case the corporate firewall inserts itself as the trusted host for SSL connections. I assumed proxy setup was wrong but adding verbose showed the issue was SSL. The index-url change worked around the issue.

@Oliver 2015-12-22 19:18:24

Awesome, thx! The trusted-host seems to be sufficient, ie. pip install --trusted-host pypi.python.org pypi_package. Using --verbose shows that without --trusted-host, the HTTPS connection fails, whereas the same HTTPS connection is attempted (not HTTP) with --trusted-host but it succeeds.

@Paŭlo Ebermann 2016-06-24 11:47:55

Isn't using the HTTP version (and then even trusting it) also a security risk?

@Alter Hu 2016-08-23 04:43:34

you can make it as short to ignore the --index-url parameter ,try this command also should be ok : pip install --trusted-host pypi.python.org pythonPackage

@FistOfFury 2017-02-27 14:30:37

"pip install --trusted-host pypi.python.org <package_name>" worked for me. Thanks!

@Steven M. Vascellaro 2017-10-16 20:09:28

Can you separate your old answer out into a separate post? Haveing more than one answer in a single post is a bit confusing

@Alex78191 2017-10-28 06:06:33

Not working > Could not fetch URL pypi.python.org/simple{packet}/: 403 Client Error: SSL is required for url: pypi.python.org/simple{packet}/ - skipping

@DevB2F 2017-11-15 23:36:44

I got "no such option: --trusted-host" but I solved it by using "easy_install pip==9.0.1" I was using pip 1.5.6 when I got the error

@Joao Vitorino 2018-02-09 14:09:40

Pypi.python.org only accept https connection now. So must be --index-url=https://pypi.python.org/simple/

@Matthew Weber 2018-02-28 16:49:50

If you are lazy like me and prefer working within the IDE (PyCharm in my case), you can add the option by Checking the "Options" box in the Available Packages window and type "--trusted-host pypi.python.org".

@sancelot 2018-03-13 07:51:45

This is a hack, not a solution. Most of the time, if you are using setup scripts using pip...you won't edit each of those one

@DaniPaniz 2018-04-11 18:55:51

it does not work for me. Running mac os high sierra on a macbookpro 15" Python 2.7 pip 9.0.1 I Tried both: sudo -H pip install --trusted-host pypi.python.org numpy and sudo pip install --trusted-host pypi.python.org numpy it always gives me the same error: "There was a problem confirming the ssl certificate: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:661) - skipping Could not find a version that satisfies the requirement"

@Vaulstein 2018-04-12 11:28:45

@DaniPaniz You can download the .dmg file for numpy and install it on Mac

@Vaulstein 2018-04-12 11:34:03

@DaniPaniz Could not find a version that satisfies the requirement errors can come for the following reason: System time is way off (before 2014-01-01). This will probably lead to SSL verification errors See link - stackoverflow.com/questions/43127536/…

@DaniPaniz 2018-04-12 14:18:52

@Vaulstein thanks for the advice but nothing works. (I know I can install pygame via the dmg but I can't install anything else with pip). I tried every hack and it still doesn't work. Can I uninstall it and reinstall the 1.2 version which apparently does not give this problem?

@DaniPaniz 2018-04-12 14:25:29

I'm reading this link: github.com/Homebrew/legacy-homebrew/issues/41253 and I think the problem might be that the SSL certificate is in another folder with respect to the one pip is looking for..

@DaniPaniz 2018-04-12 14:34:48

updatE: i just deleted pip and python 2.7. Reinstalled both (using brew with python) and now it magically works. probably the links were messed up.. thanks :D

@ScoPi 2018-04-18 16:07:41

On CentOS 7.4, I had to add all of the following hosts as trusted as evidently the pypi.python.org requests leads to requests to the other two: --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org

@Shawn 2018-04-18 17:04:46

For me (Mac OS X High Sierra), the best way to get around this is to use pip download -d <directory> <package> and then pip install --no-index --find-links <directory> <package>.

@Shivam Kotwalia 2018-04-23 10:25:30

As of now when pip has upgraded to 10 and now they have changed their path to files.pythonhosted.org Please update the command to pip --trusted-host files.pythonhosted.org install <<python_package>>

@Matthew Rasa 2018-05-03 13:27:32

I had a parser error on trusted-host pypi.python.org which I changed to trusted-host: pypi.python.org (with the :) to get working.

@mcandre 2018-05-13 23:26:59

Even after configuring pip.ini accordingly, pip and pip3 continue to present the same SSL certificate validation error in Windows 10.

@Joabe Lucena 2018-06-07 14:50:12

I've set it up, but now I'm beeing required to login: User for files.pythonhosted.org:.

@JimB 2018-06-15 00:01:34

pip install --trusted-host pypi.python.org --trusted-host pypi.org <python-package> works for me. The old pypi.python.org forwards to pypi.org, so you need both. The --verbose flag led me through.

@Marco 2018-04-17 10:41:11

One solution (for Windows) is to create a file called pip.ini on the %AppData%\pip\ folder (create the folder if it doesn't exist) and insert the following details:

[global]
cert = C:/certs/python_root.pem
proxy = http://[email protected]_company.com:[email protected]_ip:proxy_port

...and then we can execute the install instruction:

pip3 install PyQt5

Another option is to install the package using arguments for the proxy and certificate...

$ pip3 install --proxy http://[email protected]_company.com:[email protected]_ip:proxy_port \
   --cert C:/certs/python_root.pem PyQt5

To convert the certificate *.cer files to the required *.pem format execute the following instruction:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

Hope this helps someone!

@Dinei 2018-04-17 17:59:29

For other OS's, take a look at Alex-Antoine Fortin's answer

@avatarofhope2 2018-10-16 21:05:43

Didn't need the proxy, just the cert. I ran; pip3.6 config set global.cert '/<path>/server.crt'

@thiagofalcao 2018-04-20 15:44:12

You have 4 options:

Using a certificate as parameter

$ pip install --cert /path/to/mycertificate.crt linkchecker

Using a certificate in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
cert = /path/to/mycertificate.crt

Ignoring certificate and using HTTP

$ pip install --trusted-host pypi.python.org linkchecker

Ignoring certificate and using HTTP in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
trusted-host = pypi.python.org

Source

@VivekDev 2018-07-16 06:25:55

Vaulstein answer helped me.

I did not find the pip.ini file anywhere on my pc. So did the following.

  1. Went to the the AppData folder. You can get the appdata folder by opening up the command prompt and type echo %AppData%

AppData location using command prompt

Or simply type %AppData% in windows explorer.

AppData location in windows explorer

  1. Create a folder called pip inside of that appdata folder.

  2. In that pip folder that you just created, create a simple textfile called pip.ini

  3. Past the following config settings in that file using a simple editor of your choice.

pip.ini file:

[list]
format=columns

[global]
trusted-host = pypi.python.org pypi.org

You should now be good to go.

@Ezekiel Inalegwu Akoji 2018-05-07 21:39:53

The answers are quite similar and a bit confusing. In my case, the certificates in my company's network was the issue. I was able to work around the problem using:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

As seen here. The -vvv argument can be omited if verbose output is not required

@Gringo Suave 2018-08-24 05:00:01

Only one to fix my problem, thanks.

@pmbotter 2018-04-25 19:46:46

The answers to use

pip install --trusted-host pypi.python.org <package>

work. But you'll have to check if there are redirects or caches pip is hitting. On Windows 7 with pip 9.0.1, I had to run

pip install \
  --trusted-host pypi.python.org \
  --trusted-host pypi.org \
  --trusted-host files.pythonhosted.org \
  <package>

You can find these with the verbose flag.

@Pat B. 2018-04-23 16:50:41

First of all,

    pip install --trusted-host pypi.python.org <package name>

did not work for me. I kept getting the CERTIFICATE_VERIFY_FAILED error. However, I noticed in the error messages that they referenced the 'pypi.org' site. So, I used this as the trusted host name instead of pypi.python.org. That almost got me there; the load was still failing with CERTIFICATE_VERIFY_FAILED, but at a later point. Finding the reference to the website that was failing, I included it as a trusted host. What eventually worked for me was:

    pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>

@Shivam Kotwalia 2018-04-23 10:26:32

As of now when pip has upgraded to 10 and now they have changed their path from pypi.python.org to files.pythonhosted.org Please update the command to pip --trusted-host files.pythonhosted.org install python_package

@Dan Austin 2018-04-19 00:18:11

Nothing on this page worked for me until I used the --verbose option to see that it wanted to get to files.pythonhosted.org rather than pypi.python.org:

pip install --trusted-host files.pythonhosted.org <package_name>

So check the URL that it's actually failing on via the --verbose option.

@sancelot 2018-03-19 20:32:27

You may have this problem if some certificates are missing in your system.eg on opensuse install ca-certificates-mozilla

@Martin Melka 2018-02-23 11:21:22

In my case, I was running Python in the minimal alpine docker image. It was missing root CA certificates. Fix:

apk update && apk add ca-certificates

@Steve Tauber 2014-09-26 14:59:52

You can specify a cert with this param:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

See: Docs » Reference Guide » pip

If specifying your company's root cert doesn't work maybe the cURL one will work: http://curl.haxx.se/ca/cacert.pem

You must use a PEM file and not a CRT file. If you have a CRT file you will need to convert the file to PEM

Also check: SSL Cert Verification.

@Jeremy Cook 2014-09-26 15:08:42

Thanks Steve. I saw that doc, and that does seem like a likely solution to my problem. I'm on Windows 7, do not have a pem file, and am unwilling to use a pem from some third party (can that be secure!?). How can I create a pem file that gets the job done?

@Steve Tauber 2014-09-29 10:18:55

The Curl one IS secure. I would suggest using that.

@Jeremy Cook 2014-09-29 20:53:21

I ran the command using the Curl cert and got the same errors.

@Piotr Sobczyk 2014-10-01 18:34:23

@JeremyCook Could you show how exactly did you ran the command with Curl cert? Did you download the curl certificate to your local disk and passed the filesystem path to the --cert argument? I don't think that --cert supports urls. The requested page is signed by DigiCert and curl CA contains DigiCert so it would be very strange if it doesn't work with curl.

@Jeremy Cook 2014-10-01 20:20:59

@PiotrSobczyk I downloaded the cert from raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.‌​crt and ran pip --cert C:\Python32\ca-bundle.crt install linkchecker. It resulted in the same "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)" error.

@Giovanni Bitliner 2015-01-26 20:32:36

@JeremyCook it could be the time on your server, if it is in the past it could be the verifying process

@chnrxn 2015-02-28 14:38:50

CRT format is not supported, only PEM format is. You will need to convert the CRT to PEM format using openssl. You should also verify that the bundle that you've downloaded contains the correct root CA. Please see my answer above for the details: stackoverflow.com/a/28724886/41957.

@chnrxn 2015-02-28 14:43:15

@JeremyCook, the PEM/certs did not come directly from the third party that you downloaded them from. They gathered the certs from the original sources. It is not possible for a 3rd party to generate a certificate of someone else unless they have the correct key (which only the someone else will have).

@endolith 2016-10-03 15:01:30

is there a way to specify this cert permanently?

@Cinderhaze 2018-04-24 13:30:29

@endolith - Looking at pip.pypa.io/en/stable/user_guide/#configuration it looks like you can either use environment variables, or a pip.conf file to have them referenced permanently without specifying on the command

@MiN 2017-10-13 18:28:16

For me none of the suggested methods worked - using cert, HTTP, trusted-host.

In my case switching to a different version of the package worked (paho-mqtt 1.3.1 instead of paho-mqtt 1.3.0 in this instance).

Looks like problem was specific to that package version.

@Ankit Raval 2017-09-28 10:05:02

Recently I faced the same issue in python 3.6 with visual studio 2015. After spending 2 days, I got the solution and its working fine for me.

I got below error while try to install numpy using pip or from visual studio Collecting numpy Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748) - skipping Could not find a version that satisfies the requirement numpy (from versions: ) No matching distribution found for numpy

Resolution :

For Windows OS

  1. open -> "%appdata%" Create "pip" folder if not exists.
  2. In pip folder create "pip.ini" file.
  3. Edit file and write
    [global]
    trusted-host = pypi.python.org Save and Close the file. Now install using pip/visual studio it works fine.

@Smaillns 2017-05-17 13:57:33

You can try this to ignore "https":

pip install --index-url=http://pypi.python.org/simple/ --trusted-host pypi.python.org  [your package..]

@Smaillns 2017-08-09 04:53:41

if you even have other problems with pip version you can try this pip install --trusted-host pypi.python.org --upgrade pip –

@Arathy Jan 2017-04-04 01:20:47

Inorder to get over the ssl verification issue,

this is something I have tried and worked. I was getting error when I was trying to install ansible so I put ansible in package name.

This tells pip to trust the host pypi.python.org from which we download and to trust it with our package.

pip install --trusted-host pypi.python.org ansible

pip install --trusted-host pypi.python.org --upgrade pip

@uingtea 2017-03-30 21:36:45

for me this is because previously I'm running script which set proxy (to fiddler), reopening console or reboot fix the problem.

@tephyr 2017-07-10 22:58:41

Fiddler can be bypassed by setting "Decrypt HTTPS traffic" to "...from browsers only" in Tools|Options. This fixed the issue for me.

@plhn 2016-10-24 07:50:36

kenorb’s answer is very useful (and great!).
Among his solutions, maybe this is the most simple one: --trusted-host

For example, in this case you can do

pip install --trusted-host pypi.python.org linkchecker

The pem file(or anything else) is unnecessary.

@MikeJ 2017-04-25 14:13:31

I found this worked perfectly on my Windows PC

@Igor 2017-08-17 15:50:36

This also works for other commands such as pip list --trusted-host pypi.python.org --outdated

@R Claven 2018-08-03 22:29:36

this didnt work for me :(

@kenorb 2016-08-24 13:30:40

You've the following possibilities to solve issue with CERTIFICATE_VERIFY_FAILED:

  • Use HTTP instead of HTTPS.
  • Use --cert <trusted.pem> or CA_BUNDLE variable to specify alternative CA bundle.

    E.g. you can go to failing URL from web-browser and import root certificate into your system.

  • Run python -c "import ssl; print(ssl.get_default_verify_paths())" to check the current one (validate if exists).

  • OpenSSL has a pair of environments (SSL_CERT_DIR, SSL_CERT_FILE) which can be used to specify different certificate databasePEP-476.
  • Use --trusted-host <hostname> to mark the host as trusted.
  • In Python use verify=False for requests.get (see: SSL Cert Verification).
  • Use --proxy <proxy> to avoid certificate checks.

Read more at: TLS/SSL wrapper for socket objects - Verifying certificates.

@Daniel Watrous 2016-03-24 17:04:17

In my case I observed that pip failed when installing a related package. In my case the python-heatclient required positional, which required pbr. The install of pbr was failing. When I installed pbr explicitly before installing python-heatclient, it worked as expected.

Call that failed venv/bin/pip install python-heatclient

Calls that succeeded

venv/bin/pip install pbr

venv/bin/pip install python-heatclient

@chnrxn 2015-02-25 16:53:57

The most straightforward way I've found, is to download and use the "DigiCert High Assurance EV Root CA" from DigiCert at https://www.digicert.com/digicert-root-certificates.htm#roots

You can visit https://pypi.python.org/ to verify the cert issuer by clicking on the lock icon in the address bar, or increase your geek cred by using openssl:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

The last CN value in the certificate chain is the name of the CA that you need to download.

For a one-off effort, do the following:

  1. Download the CRT from DigiCert
  2. Convert the CRT to PEM format
  3. Export the PIP_CERT environment variable to the path of the PEM file

(the last line assumes you are using the bash shell) before running pip.

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

To make this re-usable, put DigiCertHighAssuranceEVRootCA.crt somewhere common and export PIP_CERT accordingly in your ~/.bashrc.

@Marlon 2016-03-22 17:58:29

Used your answer to export our company's root CA to the PIP_CERT variable and finally after trying everything else including 'pip --cert cert.pem' your way worked...just pip install package. BIG +1 - yeah we have a firewal/proxy/utm.

@theofanis 2015-02-04 14:20:33

I installed pip 1.2.1 with easy_install and upgraded to latest version of pip (6.0.7 at the time) which is able to install packages in my case.

easy_install pip==1.2.1
pip install --upgrade pip

@Ross Peoples 2014-12-23 15:17:53

I recently ran into this problem because of my company's web content filter that uses its own Certificate Authority so that it can filter SSL traffic. PIP doesn't seem to be using the system's CA certificates in my case, producing the error you mention. Downgrading PIP to version 1.2.1 presented its own set of problems later on, so I went back to the original version that came with Python 3.4.

My workaround is quite simple: use easy_install. Either it doesn't check the certs (like the old PIP version), or it knows to use the system certs because it works every time for me and I can still use PIP to uninstall packages installed with easy_install.

If that doesn't work and you can get access to a network or computer that doesn't have the issue, you could always setup your own personal PyPI server: how to create local own pypi repository index without mirror?

I almost did that until I tried using easy_install as a last ditch effort.

@glibdud 2018-04-30 18:29:25

Same issue here. Another workaround is to export the company's root cert as a file and tell pip to use it with --cert MyCompanyRootCA.crt.

@psteiner 2014-10-14 23:24:18

Had the same problem trying pip install ftputil with ActivePython 2.7.8, ActivePython 3.4.1, and "stock" Python 3.4.2 on 64-bit Windows 7 Enterprise. All attempts failed with the same errors as OP.

Worked around the problem for Python 3.4.2 by downgrading to pip 1.2.1: easy_install pip==1.2.1 (see https://stackoverflow.com/a/16370731/234235). Same fix also worked for ActivePython 2.7.8.

The bug, reported in March 2013, is still open: https://github.com/pypa/pip/issues/829.

@mknaf 2015-06-02 15:20:43

This worked for me as well. While it might seem like a bad idea in the first place to downgrade to an older version of pip, I was dealing with old django packages so the old pip version was actually matching with the other packages.

@Ortomala Lokni 2015-12-15 13:48:05

Issue 829 is now closed.

@user3080641 2014-10-09 14:47:45

I solved this problem by removing my pip and installing the older version of pip: https://pypi.python.org/pypi/pip/1.2.1

@apomene 2016-08-26 07:57:39

While this link may answer the question, it is better to include the essential parts of the answer here and provide the link for reference. Link-only answers can become invalid if the linked page changes. - From Review

@Thomas Ayoub 2016-08-26 09:33:09

@apomene how is OP supposed to include the essential parts of the answer here since it's a link to a binary file...?

@apomene 2016-08-26 09:41:55

@ThomasAyoub, i believe you already know, that the above message is auto filled from SO, when flagging an answer as only link answer

@Thomas Ayoub 2016-08-26 09:44:32

@apomene that doesn't answer my question, I still don't see what OP could/should add?

@apomene 2016-08-26 09:49:21

@ThomasAyoub, To elaborate further, my comment (SO) indicates that question is short and link only, meaning it could better be a comment. My intention was not to explicitly state that OP should add details regrading the link, but details on why this answers the question.

@baxeico 2014-10-03 13:01:03

You can try to bypass the SSL error by using http instead of https. Of course this is not optimal in terms of security, but if you are in a hurry it should do the trick:

pip install --index-url=http://pypi.python.org/simple/ linkchecker

@Jeremy Cook 2014-10-03 15:00:03

I was expecting your suggestion to work. Crazily I got the exact same errors including the first one Could not fetch URL http://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

@baxeico 2014-10-03 15:23:13

Looks like a strange network issue. Can you access pypi.python.org from your browser?

@Jeremy Cook 2014-10-03 15:28:10

Yes, quite strange. I can access it from my browser, no problem.

@baxeico 2014-10-03 15:35:59

Ok, so another workaround is downloading the tar.gz package available here pypi.python.org/pypi/LinkChecker/9.3 and the installing it with: pip install LinkChecker-9.3.tar.gz

@baxeico 2014-10-03 15:37:14

But if the package you want to install has dependencies you have to download and install also all dependencies, if they are many this could become a nightmare.

@Jeremy Cook 2014-10-03 15:51:45

That's a great suggestion, although I suspect linkchecker has more dependencies then I want to deal with at-the-moment. Based on your feedback and encouragement that this is totally weird I talked to IT and discovered that all SSL traffic is being decrypted/re-encrypted by our firewall. Most likely that is causing the hiccup. I'm going to meet with our firewall guy next week to work out a solution. I'll post back if I discover anything that might be useful to others.

@dragon788 2016-07-11 14:57:16

@JeremyCook The top answer has the appropriate workaround for your firewall. For errors inside python, supplying the certificate chain that trusts your company's firewall to your program is probably the best option.

Related Questions

Sponsored Content

2 Answered Questions

[SOLVED] Installing NumPy using Pip on Windows

1 Answered Questions

[SOLVED] SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

18 Answered Questions

[SOLVED] pip install mysql-python fails with EnvironmentError: mysql_config not found

8 Answered Questions

[SOLVED] Python pip install error [SSL: CERTIFICATE_VERIFY_FAILED]

  • 2015-09-25 00:14:10
  • jmg0880
  • 16672 View
  • 1 Score
  • 8 Answer
  • Tags:   python centos

1 Answered Questions

[SOLVED] SSL: CERTIFICATE_VERIFY_FAILED error from Python pip in Ubuntu 16.0.4

2 Answered Questions

0 Answered Questions

Pip Install: SSL Certificate Issue

2 Answered Questions

[SOLVED] pip install : issue with the ssl certificate

1 Answered Questions

[SOLVED] pip ssl errors in virtualenv

  • 2017-04-08 02:09:38
  • JohnRain
  • 1311 View
  • 1 Score
  • 1 Answer
  • Tags:   python ssl pip

1 Answered Questions

python pip installation error

Sponsored Content