SSL: certificate_verify_failed

Did you run Install\ Certificates.command @torjoshi after appending the cert?

It should be in /Applications/Python 3.x/.

1 Like

I tried according to @hardkothari1988 & other given solutions, but it give the error of “CA Certificate key too weak”. Does anybody know solution for it, I am trying it through office redhat server & jupyter notebook on edge browser

2 Likes

Summary created by AI.

Multiple users are encountering an SSL certificate verify failed error when trying to connect to the OpenAI API with Python. The problems experienced include MaxRetryError, APIConnectionError, and issues related to accessing the API website. Users suggest several methods to resolve the issue:

  1. User k0828 suggests checking if a company’s VPN is blocking access to the OpenAI API, as disabling it solved their problem.
  2. User lpels points out that OpenAI’s verify_ssl_certs variable is set to True by default and setting it to False has no effect.
  3. User hardkothari1988 provides detailed steps to resolve this issue:a. Visit the OpenAI API URL from the browser to get the certificate information.
    b. Locate and download the root certificate file.
    c. Move the downloaded certificate to a desired folder.
    d. Set an environmental variable pointing to this certificate within your application.
    e. Once the environmental variable is sets, the openai library will use the certificate file for validation, resolving the issue.
  4. User avocanite gives additional instructions for users working within a Docker container. They suggest copying the certificates into /usr/local/share/ca-certificates, changing permissions for certificates, and updating the CA certificates. They also suggest setting the REQUESTS_CA_BUNDLE specifically to ‘/etc/ssl/certs/ca-certificates.crt’.

Summarized with AI on Aug 14 2023
AI used: gpt-4-32k

2 Likes

This issue has been persistent for me and none of the above mentioned steps worked for me. I’m not on VPN or inside a docker container. I even tried manually pasting the certificate into my cacert.pem file inside the certifi package.
At my wits end right now.

1 Like

Same issue. Only with Azure OpenAI models, everything works well with OpenAI models without Azure.
I tried to add manually the certificates to my cacert.perm file, but it didn’t work.
I am using Python through Anaconda.
I am using a corporate computer.

Any suggestion?

1 Like

Setting REQUESTS_CA_BUNDLE was the solution for me. Because we use ZScalar, I had to add their root cert into the /etc/ssl/certs/ca-certificates.crt bundle. However certifi has its own ca bundle in ~/.local/lib/python3.10/site-packages/certifi/cacert.pem that is used unless REQUESTS_CA_BUNDLE is set. Phew that only took 3 hours…

2 Likes

I made it work.

As I was using Azure OpenAI, the API endpoint from which to get the certificate was different.

But adding the certificate to the cacert.pem file works.

2 Likes

This is obnoxious on OpenAI’s part. I need to disable certificate verification in my environment. I know what I’m doing.

Here is how to disable certificate verification:

  1. Open api_requestor.py in a text editor. (site-packages/openai/api_requestor.py)

  2. Find the line: s = requests.Session()

  3. Add directly below: s.verify = False

So this section of code in api_requestor.py should now read:

s = requests.Session()
s.verify = False

HTTPS certificates will no longer be verified for any OpenAI api requests.

It should go without saying that this isn’t particularly secure. But if you know the risks, have fun!

1 Like

do same
I try every method ,but no work,i don’t know why
sad

1 Like

This worked for me. Try adding this snippet to your code:

import os 
os.environ['REQUESTS_CA_BUNDLE'] = <path_to_pem_certificate>

You can get the path to pem certificate by simply running:

python3 -m certifi

1 Like

This works perfectly and this should be the most correct way to add a certificate to the runtime env.
I opened the cacerts.pem file (from .venv/Lib/site-packages/certifi folder) in notepad++, also opened the CA certificate I downloaded from openai site in notepad++, copied the contents of the CA certificate, pasted the contents at the end of the content in cacerts.pem file, saved it and You Beauty!! , my python program worked smoothly . Kudos to all you people sharing your valuable solutions! Cheers!
Thanks!

2 Likes

@ewarren 's Python → Install Certificates.command worked.
To be exact:
1- browse on Mac to Applications > Python 3.11
2- double click on “Install Certificates.command”

Copying the certificate from api.openai.c0m/v1/engines into cacert.pem as well as setting REQUESTS_CA_BUNDLE did not work. Btw, the cert I’ve got from engines is Baltimore CyberTrust Root.cer and the sni.cloudflaressl.com.cer. I tried both the chain and single versions of both.

1 Like

I have the same issue. Mac, using Python 3.x through Visual Source Code Editor. ZScaler is being deployed as per company policy.
Company has enabled to access openai.com, I could able to play with playground.

Applied methods:

  1. Install Certificates.command: Did not work
  2. download the certificate (chain and single version) and set REQUESTS_CA_BUNDLE: Did not Work
  3. Copy and Past Certificate to the runtime env: Did not work (as suggested by @kalpeshup )
  4. Added s.verify = False in site-packages/openai/api_requestor.py. It gave a lot of warnings, but it did work. (as suggested by @Wowfunhappy )

Request help

1 Like

Have been facing the same issues. Working on an office laptop with Z-Scaler restrictions and have tried all the above ways to resolve the issue but to no avail.

Could someone help and let me know whether is it easier to resolve the above error if I use my personal laptop thus having no restrictions

I am also facing the ssl error SSLError: HTTPSConnectionPool(host=
openaipublic.blob.core.windows, port=443): Max retries exceeded with url: /encodings/cl100k_base.tiktoken (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)’))).

Can you help me with this

I don’t think the machine is the issue, it seems to be that some companies are blocking openai endpoints. If you wish to bypass that then you could use a mobile device as a WIFI hotspot and use that as your internet connection, that should remove the problem, if that does not work then you have some form of web protection, antivirus software on the machine that also causing issues.

Friends, after trying all the methods you guys have mentioned nothing still works for me, I am using a corporate laptop with z-scaler vpn.

How to solve this problem:
Retrying after connection error…

Summary created by AI.

The members of the forum are discussing an issue related to an SSL certificate verification failure when connecting to the OpenAI API using Python. The users, aporelpan, yuli2.chang, and bkfichter encountered the same SSLError(SSLCertVerificationError) when trying to perform tasks such as embedding responses or calling specific functions from the OpenAI package. Some attempted solutions included opening the link in different browsers, obtaining a new server API, and trying to obtain the server certificates to add to their systems as suggested by freelancer.nak.

However, the users vasundhra362000and review.user.0615 reported issues with accessing the OpenAI website and obtaining the required certificates.

One user, k0828, managed to solve the issue by disabling their company’s VPN, suggesting that it was blocking access to the OpenAI API.

Still, others like dwervin couldn’t find a solution by following suggested steps, expressing doubt about the tenability of the OpenAI library. lpels pointed out that the verify_ssl_certs variable cannot be set to False in the OpenAI config file.

hardkothari1988 posted a detailed solution involving exporting and properly storing a certificate obtained from the API’s certificate info. The solution involved setting a specific environment variable to the certificate pathway.

avocanite confirmed the solution worked for them in a Docker container context but added that they needed to export all certificates in the chain. Following the solution, they updated the certificates and set the REQUESTS_CA_BUNDLE accordingly.

Summarized with AI on Dec 2 2023
AI used: gpt-4-32k