{ "id": "pip/tls-ssl-certificate-verify-failed-self-signed", "signature": "ERROR: Could not install packages due to a TLS/SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)", "signature_zh": "错误:无法安装包,因为 TLS/SSL 错误:[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败:证书链中的自签名证书 (_ssl.c:1129)", "regex": "ERROR: Could not install packages due to a TLS/SSL error: \\[SSL: CERTIFICATE_VERIFY_FAILED\\] certificate verify failed: self-signed certificate in certificate chain", "domain": "pip", "category": "network_error", "subcategory": null, "root_cause": "The remote server (e.g., a private PyPI mirror or corporate proxy) presents a self-signed SSL certificate that is not trusted by the system's certificate store, causing pip to reject the connection.", "root_cause_type": "generic", "root_cause_zh": "远程服务器(例如私有 PyPI 镜像或公司代理)提供了系统证书存储不信任的自签名 SSL 证书,导致 pip 拒绝连接。", "versions": [ { "version": "pip 20.3", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "pip 22.0.4", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "pip 23.2", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "", "why_fails": "This only changes installation location, not SSL verification; the certificate error persists.", "fail_rate": 0.95, "condition": "", "sources": [] }, { "action": "", "why_fails": "If the provided certificate is not the exact CA that signed the server certificate, or if the file path is incorrect, pip will still fail with the same error.", "fail_rate": 0.8, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Add the server to trusted hosts: `pip install --trusted-host ` (e.g., `pip install mypackage --trusted-host pypi.example.com`). This disables SSL verification for that host.", "success_rate": 0.9, "how": "Add the server to trusted hosts: `pip install --trusted-host ` (e.g., `pip install mypackage --trusted-host pypi.example.com`). This disables SSL verification for that host.", "condition": "", "sources": [] }, { "action": "Install the self-signed certificate into the system's trust store: on Linux, copy the .crt file to `/usr/local/share/ca-certificates/` and run `update-ca-certificates`; on macOS, add to Keychain and mark as trusted.", "success_rate": 0.85, "how": "Install the self-signed certificate into the system's trust store: on Linux, copy the .crt file to `/usr/local/share/ca-certificates/` and run `update-ca-certificates`; on macOS, add to Keychain and mark as trusted.", "condition": "", "sources": [] } ], "workarounds_zh": [ "将服务器添加到受信任的主机:`pip install --trusted-host `(例如 `pip install mypackage --trusted-host pypi.example.com`)。这将对该主机禁用 SSL 验证。", "将自签名证书安装到系统的信任存储中:在 Linux 上,将 .crt 文件复制到 `/usr/local/share/ca-certificates/` 并运行 `update-ca-certificates`;在 macOS 上,添加到钥匙串并标记为受信任。" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://pip.pypa.io/en/stable/topics/configuration/#trusted-hosts", "official_doc_section": null, "error_code": "ERROR", "verification_tier": "ai_generated", "confidence": 0.9, "fix_success_rate": 0.88, "resolvable": "true", "first_seen": "2023-08-01", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }