# ERROR: Could not install packages due to a SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129) - **ID:** `pip/network-ssl-cert-verify-failed` - **Domain:** pip - **Category:** network_error - **Error Code:** `ERROR` - **Verification:** ai_generated - **Fix Rate:** 88% ## Root Cause pip cannot verify the SSL certificate of the PyPI server because the system's CA certificate bundle is missing, outdated, or improperly configured, often in corporate environments with proxy or custom certificates. ## Version Compatibility | Version | Status | Introduced | Deprecated | |---------|--------|------------|------------| | pip 23.0 | active | — | — | | pip 23.3 | active | — | — | | pip 24.0 | active | — | — | | Python 3.10 | active | — | — | | Python 3.11 | active | — | — | | Python 3.12 | active | — | — | ## Workarounds 1. **Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.** (90% success) ``` Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install. ``` 2. **Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package** (85% success) ``` Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package ``` 3. **Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package** (95% success) ``` Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package ``` ## Dead Ends - **** — Setting PIP_REQUIRE_VIRTUALENV does not affect SSL verification; it only enforces virtual environment usage. (98% fail) - **** — Running pip install --upgrade pip may update pip but does not install missing CA certificates. (90% fail) - **** — Using pip install --no-cache-dir only bypasses cache; SSL verification still fails. (95% fail)