错误:由于 SSLError 无法安装包:[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败:无法获取本地颁发者证书 (_ssl.c:1129)
ERROR: Could not install packages due to a SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)
ID: pip/network-ssl-cert-verify-failed
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| pip 23.0 | active | — | — | — |
| pip 23.3 | active | — | — | — |
| pip 24.0 | active | — | — | — |
| Python 3.10 | active | — | — | — |
| Python 3.11 | active | — | — | — |
| Python 3.12 | active | — | — | — |
根因分析
pip 无法验证 PyPI 服务器的 SSL 证书,因为系统的 CA 证书包缺失、过期或配置不当,常见于使用代理或自定义证书的企业环境。
English
pip cannot verify the SSL certificate of the PyPI server because the system's CA certificate bundle is missing, outdated, or improperly configured, often in corporate environments with proxy or custom certificates.
官方文档
https://pip.pypa.io/en/stable/topics/configuration/#ssl-certificate-verification解决方案
-
Update the CA certificates bundle: sudo apt-get install --reinstall ca-certificates (Debian/Ubuntu) or brew install ca-certificates && brew reinstall openssl (macOS). Then retry pip install.
-
Set the REQUESTS_CA_BUNDLE environment variable to a custom CA bundle: export REQUESTS_CA_BUNDLE=/path/to/custom-ca-bundle.crt && pip install package
-
Temporarily disable SSL verification (not recommended for production): pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package
无效尝试
常见但无效的做法:
-
98% 失败
Setting PIP_REQUIRE_VIRTUALENV does not affect SSL verification; it only enforces virtual environment usage.
-
90% 失败
Running pip install --upgrade pip may update pip but does not install missing CA certificates.
-
95% 失败
Using pip install --no-cache-dir only bypasses cache; SSL verification still fails.