{
  "id": "pip/network-ssl-cert-verify-failed",
  "signature": "ERROR: Could not install packages due to a SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)",
  "signature_zh": "错误：由于 SSLError 无法安装包：[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败：无法获取本地颁发者证书 (_ssl.c:1129)",
  "regex": "ERROR: Could not install packages due to a SSLError: \\[SSL: CERTIFICATE_VERIFY_FAILED\\] certificate verify failed: unable to get local issuer certificate",
  "domain": "pip",
  "category": "network_error",
  "subcategory": null,
  "root_cause": "pip cannot verify the SSL certificate of the PyPI server because the system's CA certificate bundle is missing, outdated, or improperly configured, often in corporate environments with proxy or custom certificates.",
  "root_cause_type": "generic",
  "root_cause_zh": "pip 无法验证 PyPI 服务器的 SSL 证书，因为系统的 CA 证书包缺失、过期或配置不当，常见于使用代理或自定义证书的企业环境。",
  "versions": [
    {
      "version": "pip 23.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "pip 23.3",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "pip 24.0",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Python 3.10",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Python 3.11",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    },
    {
      "version": "Python 3.12",
      "introduced": null,
      "deprecated": null,
      "removed": null,
      "behavior_change": null,
      "status": "active"
    }
  ],
  "os_specific": {},
  "dead_ends": [
    {
      "action": "",
      "why_fails": "Setting PIP_REQUIRE_VIRTUALENV does not affect SSL verification; it only enforces virtual environment usage.",
      "fail_rate": 0.98,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Running pip install --upgrade pip may update pip but does not install missing CA certificates.",
      "fail_rate": 0.9,
      "condition": "",
      "sources": []
    },
    {
      "action": "",
      "why_fails": "Using pip install --no-cache-dir only bypasses cache; SSL verification still fails.",
      "fail_rate": 0.95,
      "condition": "",
      "sources": []
    }
  ],
  "workarounds": [
    {
      "action": "Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.",
      "success_rate": 0.9,
      "how": "Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.",
      "condition": "",
      "sources": []
    },
    {
      "action": "Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package",
      "success_rate": 0.85,
      "how": "Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package",
      "condition": "",
      "sources": []
    },
    {
      "action": "Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package",
      "success_rate": 0.95,
      "how": "Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package",
      "condition": "",
      "sources": []
    }
  ],
  "workarounds_zh": [
    "Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.",
    "Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package",
    "Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package"
  ],
  "transition_graph": {
    "leads_to": [],
    "preceded_by": [],
    "frequently_confused_with": []
  },
  "official_doc_url": "https://pip.pypa.io/en/stable/topics/configuration/#ssl-certificate-verification",
  "official_doc_section": null,
  "error_code": "ERROR",
  "verification_tier": "ai_generated",
  "confidence": 0.9,
  "fix_success_rate": 0.88,
  "resolvable": "true",
  "first_seen": "2023-07-10",
  "last_confirmed": "2024-06-01",
  "last_updated": "2024-06-01",
  "evidence_count": 1,
  "tags": [],
  "locale": "en",
  "aliases": []
}