How to solve "pip install" SSL Certificate Verification Failed Error

If you've encountered the frustrating pip install fails with Connection error: SSL certificate verify failed error, you're not alone. This common issue occurs when Python's package installer can't verify the SSL certificate of the Python Package Index (PyPI) or other repositories. Let's explore why this happens and how to fix it properly.

Understanding the SSL Certificate Verification Error

When you run pip install, your system attempts to securely connect to PyPI servers using HTTPS. The error occurs when:

• Your machine doesn't trust the certificate authority that signed PyPI's certificate
• Your system time is incorrect
• You're behind a corporate proxy that intercepts HTTPS traffic
• Python can't find the necessary root certificates

Recommended Solutions

1. Update pip and setuptools (First Try)

       python -m pip install --upgrade pip setuptools       

Often, simply updating pip resolves certificate issues as newer versions handle certificates better.

2. Use the Trusted Host Option (Temporary Workaround)

       pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org package_name       

This tells pip to skip SSL verification for these hosts. Use this only temporarily as it reduces security.

3. Install Certifi Package

       pip install --upgrade certifi       

Certifi provides Mozilla's root certificate bundle that Python can use for verification.

4. Specify Alternative Certificate Path

       pip install --cert /path/to/certificate.crt package_name       

If you have a specific certificate file, you can point pip to it.

5. Permanent Configuration Fix

For a permanent solution, locate your pip configuration file (usually pip.conf or pip.ini) and add:

       [global] trusted-host = pypi.org files.pythonhosted.org       

Or better, configure the proper certificate path:

       [global] cert = /etc/ssl/certs/ca-certificates.crt  # Path varies by OS   

Advanced Solutions

For Corporate Environments with Custom CAs

1. Get your organization's root CA certificate
2. Add it to your system's certificate store or Python's certificate bundle
3. Configure pip to use it

For Outdated Systems

On very old systems, you might need to:

apt-get update && apt-get install ca-certificates  # Debian/Ubuntu yum update ca-certificates  # CentOS/RHEL       

Best Practices

• Don't disable verification permanently - This exposes you to man-in-the-middle attacks
• Keep pip updated - New versions have better certificate handling
• Verify system time - Incorrect date/time can cause certificate validation to fail
• Check your network - Some corporate networks or restrictive countries may interfere with HTTPS

Conclusion

SSL certificate errors with pip can be frustrating but are usually straightforward to resolve. The best approach is to ensure your system has proper root certificates installed rather than disabling verification. By following these solutions, you should be able to get pip working while maintaining secure connections to package repositories.

Remember that if you're in a corporate environment, your IT department may have specific instructions for configuring Python package installation behind company firewalls or proxies.

for reference see the discussion on: https://stackoverflow.com/questions/25981703/pip-install-fails-with-connection-error-ssl-certificate-verify-failed-certi