ERROR
pip
network_error
ai_generated
true
错误:无法安装包,因为 TLS/SSL 错误:[SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败:证书链中的自签名证书 (_ssl.c:1129)
ERROR: Could not install packages due to a TLS/SSL error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)
ID: pip/tls-ssl-certificate-verify-failed-self-signed
88%修复率
90%置信度
1证据数
2023-08-01首次发现
版本兼容性
| 版本 | 状态 | 引入 | 弃用 | 备注 |
|---|---|---|---|---|
| pip 20.3 | active | — | — | — |
| pip 22.0.4 | active | — | — | — |
| pip 23.2 | active | — | — | — |
根因分析
远程服务器(例如私有 PyPI 镜像或公司代理)提供了系统证书存储不信任的自签名 SSL 证书,导致 pip 拒绝连接。
English
The remote server (e.g., a private PyPI mirror or corporate proxy) presents a self-signed SSL certificate that is not trusted by the system's certificate store, causing pip to reject the connection.
官方文档
https://pip.pypa.io/en/stable/topics/configuration/#trusted-hosts解决方案
-
将服务器添加到受信任的主机:`pip install <package> --trusted-host <hostname>`(例如 `pip install mypackage --trusted-host pypi.example.com`)。这将对该主机禁用 SSL 验证。
-
将自签名证书安装到系统的信任存储中:在 Linux 上,将 .crt 文件复制到 `/usr/local/share/ca-certificates/` 并运行 `update-ca-certificates`;在 macOS 上,添加到钥匙串并标记为受信任。
无效尝试
常见但无效的做法:
-
95% 失败
This only changes installation location, not SSL verification; the certificate error persists.
-
80% 失败
If the provided certificate is not the exact CA that signed the server certificate, or if the file path is incorrect, pip will still fail with the same error.