Python certificate verify failed: unable to get local issuer certificate

Question

I am a novice programmer so pardon my mistakes. I have written the below code to verify a list of Websites are still active and all my work is based off this problem statement.

The script is able to check most sites but stumbled with below error for https://precisionit.net/

<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>

The above URL opens fine in Firefox and Chrome but fails to open in Python code. I have updated certifi and used it in my code as suggested by many folks but the error would not go away.

I am using Conda Python Env and I also executed the below command

conda install -c conda-forge certifi

There were multiple posts that suggested running "Install Certificates.command" which does not apply to Conda Python so I downloaded Python 3.9 installer and executed "Install Certificates.command" and executed the script with Python 3.9 yet no luck. I feel the issue is that even with latest version of certifi the sites certificate is not validated. Although certifi page says the list is based off Mozilla’s root certificates I guess it's not an exact replica which is why Firefox is able to open the site. Not sure if my understanding makes sense and will be glad to be corrected.

Pasting my script below. I am not sure what else needs to be done to fix the issue, kindly advise.

import urllib.request
import sys
import certifi
import ssl

def checkURL(url):
    try: 
        
        hdr = { 'User-Agent' : 'Mozilla/79.0 (Windows NT 6.1; Win64; x64)' }
        req=urllib.request.Request(url,headers=hdr)
        r = urllib.request.urlopen(req,timeout=100,context=ssl.create_default_context(cafile=certifi.where()))
        
    except Exception as e:
        #print(r.read())
        print('Failed Connecting to Website')
        print(e)
        return(1)

    print(r.status)
    finalurl = r.geturl()
    if r.status==200:
        print(finalurl)
        return(0)
    else:
        print("Website Not Found")
        return(2)

checkURL('https://precisionit.net/')

Answer 1

first : save the site public key as base74 second: add code for verfify with your saved file.

enter image description here

with requests.Session() as s:    
        CC_host = 'https://precisionit.net'    
        first_page = s.get(CC_host,verify='./theSiteCert.cer')    
        html = first_page.text    
        print(html)    

Answer 2

I had a similar problem, and this is how I solved it.

First, check who the issuer of the site certificate is. You can do this in many ways (check in the browser, connect using openssl ...).

Easiest is probably to just go to https://www.digicert.com/help/ and search for https://precisionit.net.

You are likely missing Sectigo RSA Domain Validation Secure Server CA. Just go to their site (https://support.sectigo.com/Com_KnowledgeDetailPage?Id=kA01N000000rfBO) and download it.

Then get the location of the cacert.pem file where your certificates are saved with certifi.where(), and simply add the contents of the certificate you downloaded to said file.

The certificate should be in form

-----BEGIN CERTIFICATE-----  
... some base64 encoded stuff ...  
-----END CERTIFICATE-----