Skip to content

[SSL: CERTIFICATE_VERIFY_FAILED] #184

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
jkirk opened this issue Oct 11, 2021 · 0 comments · May be fixed by #185
Open

[SSL: CERTIFICATE_VERIFY_FAILED] #184

jkirk opened this issue Oct 11, 2021 · 0 comments · May be fixed by #185

Comments

@jkirk
Copy link

jkirk commented Oct 11, 2021
edited
Loading

Since 2021-09-30, the day of the Let's Encrypt DST Root CA X3 expiration, pydio-sync stopped working with:

00:57:40 ERROR   140401309402880 Thread-3 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
Traceback (most recent call last):
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.job.continous_merger", line 460, in run
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.job.continous_merger", line 771, in load_remote_changes_in_store
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 407, in changes_stream
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 337, in perform_request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/pydio.sdkremote.remote", line 271, in perform_with_tokens
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.api", line 65, in get
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.api", line 49, in request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.sessions", line 461, in request
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.sessions", line 573, in send
  File "/home/pydio/tcAgent/work/a00136d723583ad3/build/pydio-agent/out01-PYZ.pyz/requests.adapters", line 431, in send
SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
00:57:40 ERROR   140401317795584 Thread-1 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

This is because a very old list of CA certificates (especially with the now expired root certificate DST Root CA X3 and without the now valid "ISRG Root X1") is included.

We need to update the list of certificates from here, I believe: https://github.com/certifi/python-certifi/blob/master/certifi/cacert.pem

Since there seem to be no new releases, any idea how to create a new build?
jkirk added a commit to jkirk/pydio-sync that referenced this issue Oct 11, 2021
@jkirk
Update root certificates from certifi/python-certifi@8effc0
dadf3e2 
See: certifi/python-certifi@8effc0d

Closes: pydio#184
@jkirk jkirk linked a pull request Oct 11, 2021 that will close this issue
Open
jkirk added a commit to jkirk/docker-pydio-sync-build that referenced this issue Oct 13, 2021
@jkirk
Workaround for the [SSL: CERTIFICATE_VERIFY_FAILED]
14b5d1d 
Issue: pydio/pydio-sync#184
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update root certificates from certifi/python-certifi@8effc0 jkirk/pydio-sync
1 participant
@jkirk