CODEWITHSUNDEEP
python-3.xmongodbsslmongodb-atlaspymongo-3.x
MaxwellN
MaxwellN

Reputation: 927

PyMongo [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

I'm using Python 3.9.5 and PyMongo 3.11.4. The version of my MongoDB database is 4.4.6. I'm using Windows 8.1

I'm learning MongoDB and I have a cluster set up in Atlas that I connect to. Whenever I try to insert a document into a collection, a ServerSelectionTimeoutError is raised, and inside its parentheses there are several [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate.

Troubleshooting TLS Errors in the PyMongo docs weren't too much help as they only provided tips for Linux and macOS users.

It's worth mentioning that if I set tlsAllowInvalidCertificates=True when initializing my MongoClient, everything works fine. That sounds insecure, and while I am working on a small project, I would still like to develop good habits and not override any security measures in place, so I'm hoping there is an alternative to that.

From all the searching I've done, I'm guessing that I'm missing certain certificates, or that Python can't find them. I've looked into the certifi package, but this part of the docs makes it seem that should only be necessary if I'm using Python 2.x, which I'm not.

So yeah, I'm kind of stuck right now.

Upvotes: 23

Views: 23556

Answers (8)

ruva
ruva

Reputation: 51

Insted of using workarounds, set the python environment variables: the environment variable ‘SSL_CERT_FILE’ the environment variable ‘SSL_CERT_DIR’

Source: https://community.openai.com/t/ssl-certificate-verify-failed-certificate-verify-failed-self-signed-certificate-in-certificate-chain/705003/10

In the terminal, the environment variable SSL_CERT_DIR was set to /etc/ssl/certs, but in PyCharm environment, nothing was set so default (‘…/python3.8/site-packages/certifi/cacert.pem’ by certifi.where()) was used.

I had the same issue but with Docker, when running the image I got error "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)"

Upvotes: 0

Villali
Villali

Reputation: 31

Step 1:

pip install certifi

Step 2:

client = pymongo.MongoClient(connection, tlsCAFile=certifi.where())

Upvotes: 3

Andres Castañeda
Andres Castañeda

Reputation: 220

I saw an answer that worked for me, it appears i had not yet installed the python certificates on my mac, so from the following path i went and installed it

/Applications/Python 3.10/Install Certificates.command

Only change the version of your python, after that everything, worked fine for me

PS: I had been trying to solve the problem for half a day, I even asked ChatGPT

enter image description here

Upvotes: 6

Molla Manie
Molla Manie

Reputation: 11

Add

ssl=true&ssl_cert_reqs=CERT_NONE

after db name of your url string works fine

"mongodb+srv://username:[email protected]/DbName?**ssl=true&ssl_cert_reqs=CERT_NONE**&retryWrites=true&w=majority"

Upvotes: 1

Shiv Sharan Kumar
Shiv Sharan Kumar

Reputation: 1

This happens in django as well just add the above code to your settings.py in Django:

DATABASE = {
'default': {
'ENGINE': 'djongo',
 "CLIENT": {
           "name": <your_database_name>,
           "host": <your_connection_string>,
           "username": <your_database_username>,
           "password": <your_database_password>,
           "authMechanism": "SCRAM-SHA-1",
        },
    }
}

But in host you may get this issue:

"pymongo.errors.ServerSelectionTimeoutError:"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)

So for this you can add:

"mongodb+srv://sampleUser:[email protected]/sampleDB??ssl=true&ssl_cert_reqs=CERT_NONE&retryWrites=true&w=majority"

Upvotes: 0

yasser azelmad
yasser azelmad

Reputation: 71

By default, pymongo relies on the operating system’s root certificates. You need to install certifi:

pip install certifi

It could be that Atlas itself updated its certificates or it could be that something on your OS changed. “certificate verify failed” often occurs because OpenSSL does not have access to the system’s root certificates or the certificates are out of date. For how to troubleshoot see TLS/SSL and PyMongo — PyMongo 3.12.0 documentation 107.

So try:

client = pymongo.MongoClient(connection, tlsCAFile=certifi.where())

Upvotes: 4

chamod rathnayake
chamod rathnayake

Reputation: 981

In Flask server I solved by using:

import certifi

app = Flask(__name__)
app.config['MONGO_URI'] = 
'mongodb+srv://NAME:<PWD><DBNAME>.9xxxx.mongodb.net/<db>? retryWrites=true&w=majority' 
mongo = PyMongo(app,tlsCAFile=certifi.where())
collection_name = mongo.db.collection_name

Upvotes: 13

MaxwellN
MaxwellN

Reputation: 927

Well, I eventually decided to install certifi and it worked.

client = MongoClient(CONNECTION_STRING, tlsCAFile=certifi.where())

Wish the docs were a bit clearer on this, but maybe I just didn't look hard enough.

Upvotes: 53

Related Questions