ERROR
pip
network_error
ai_generated
true
ERROR: Could not install packages due to a SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)
ID: pip/network-ssl-cert-verify-failed
88%Fix Rate
90%Confidence
1Evidence
2023-07-10First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| pip 23.0 | active | — | — | — |
| pip 23.3 | active | — | — | — |
| pip 24.0 | active | — | — | — |
| Python 3.10 | active | — | — | — |
| Python 3.11 | active | — | — | — |
| Python 3.12 | active | — | — | — |
Root Cause
pip cannot verify the SSL certificate of the PyPI server because the system's CA certificate bundle is missing, outdated, or improperly configured, often in corporate environments with proxy or custom certificates.
generic中文
pip 无法验证 PyPI 服务器的 SSL 证书,因为系统的 CA 证书包缺失、过期或配置不当,常见于使用代理或自定义证书的企业环境。
Official Documentation
https://pip.pypa.io/en/stable/topics/configuration/#ssl-certificate-verificationWorkarounds
-
90% success Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.
Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.
-
85% success Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package
Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package
-
95% success Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package
Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package
中文步骤
Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.
Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package
Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package
Dead Ends
Common approaches that don't work:
-
98% fail
Setting PIP_REQUIRE_VIRTUALENV does not affect SSL verification; it only enforces virtual environment usage.
-
90% fail
Running pip install --upgrade pip may update pip but does not install missing CA certificates.
-
95% fail
Using pip install --no-cache-dir only bypasses cache; SSL verification still fails.