pip install ssl certificate_verify_failed

pip install ssl certificate_verify_failed

summary:

I got this error when the pip cannot verify the SSL certificate of the Python package repository while installing packages on windows, linux or Ubuntu. This is majorly seen inside virtual environment , corporate networks, or fresh Python installations

What This Error Means

When we run the command pip install, pip connects securely via HTTPS to package repositories like pypi.org. Before moving ahead, Python performs an SSL certificate verification to ensure the connection is secure and trusted.

In simple words, error means:

  • pip attempted to establish a secure HTTPS connection
  • SSL certificate validation failed
  • pip blocked the download to prevent a potential security risk

We can see this error in:

  • Terminal / Command Prompt while running pip install
  • IDE terminals (VS Code, PyCharm)
  • Jupyter Notebook when installing packages with !pip
  • CI/CD pipelines or Docker build logs

Example:

I had faced the ssl certificate_verify_failed error while installing a requests package using pip inside a virtual environment.

Error i got

Pip install requests

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

Collecting requests

Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/requests/

Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/requests/

Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/requests/

Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/requests/

Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError("Can't connect to HTTPS URL because the SSL module is not available.")': /simple/requests/

Could not fetch URL https://pypi.org/simple/requests/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/requests/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

Could not find a version that satisfies the requirement requests (from versions: )

No matching distribution found for requests

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

What Causes pip install ssl certificate_verify_failed Error mean?

Below are the most common ones which I have encountered.

1. Missing or Outdated CA Certificates

As mentioned in my other blog “ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed” the common cause be missing or outdated CA certificates

pip relies on a bundle of trusted Certificate Authority (CA) certificates to verify HTTPS connections.

If these certificates are:

  • Missing
  • Outdated
  • Corrupted

pip cannot verify PyPI’s SSL certificate.

Example that triggers the error:

pip install requests

This kind of behaviour is common on:

  • Fresh Windows installations
  • Minimal Linux servers
  • Docker containers
  • Older Python builds

2. Virtual Environments & pip Mismatch

I also checked for which pip I was using and pip versions because the issue is not the pip itself but which pip you’re using.

Common scenarios:

  • Using system pip vs virtualenv pip
  • Multiple Python versions installed
  • Conda, Poetry, or pyenv managing Python
  • pip not aligned with the active interpreter

If we are not using correct pip them we may lead to incorrect or missing certificate paths

3. Corporate Proxy or SSL Inspection

In corporate or enterprise networks:

  • HTTPS traffic may pass through a proxy
  • SSL certificates may be re-signed internally
  • pip does not trust the proxy’s certificate by default

This causes SSL verification to fail even though:

  • The URL works in a browser
  • Internet connectivity is fine

How I Fixed certificate_verify_failed Error while installing python packages (Step-by-Step)

✅Identifing the root cause

  • Get full pip error output using the -v verbose mode
  • Python version and pip version
  • Check if the error happens only inside a virtual environment
python --version
pip --version
pip debug --verbose

This helped me confirm whether pip knew where to find trusted certificates.

✅ Apply the Fix

Incorrect approach which is unsafe

pip install <package_name> --trusted-host pypi.org --trusted-host files.pythonhosted.org
pip install requests --trusted-host pypi.org --trusted-host files.pythonhosted.org

Above command bypasses SSL verification and should not be used permanently.

✅ Correct fixes (recommended)

Fix 1: Upgrade pip and certifi

python -m pip install --upgrade pip certifi, pip-system-certs

pip uses certifi for SSL trust, so updating it resolves most issues.

Fix 2: Explicitly tell pip which certificates to use

pip install requests --cert $(python -m certifi)

Fix 3: Linux / Ubuntu – install system CA certificates

sudo apt update
sudo apt install -y ca-certificates
sudo update-ca-certificates
pip install requests

Fix 4: Windows-specific fix

  • Reinstall Python from python.org
  • “Install certificates” step completes
  • Python is added to PATH
python -m pip install --upgrade certifi

Fix 5: Corporate proxy / custom CA

pip config set global.cert /path/to/company-ca.pem

✅ Step 3: Verify the Fix

  • Re-ran pip install
  • Confirmed packages installed without SSL errors
  • Verified the fix worked inside virtual environments
  • In CI/Docker, I rebuilt the image to confirm persistence

Common Mistakes That Trigger This Error

  • Disabling SSL verification permanently
  • Using outdated pip versions
  • Mixing system Python and virtualenv Python
  • Forgetting to install ca-certificates on Linux
  • Running pip behind a proxy without configuration
  • Assuming browser HTTPS success means pip will work

How to Prevent This Error in Production

Best Practices

  • Always upgrade pip on new systems
  • Pin Python versions
  • Use official Python base images in Docker
  • Keep CA certificates updated

Defensive Setup Example

python -m pip install --upgrade pip certifi setuptools wheel

Run this as part of:

  • Server setup
  • Dockerfile build
  • CI pipeline

Frequently Asked Questions (FAQ)

❓ Is getting certificate_verify_failed error while installing a package a Python bug?
No, it’s not as pip correctly tries to enforce SSL security. The issue is environmental, not a Python defect.

❓ Can this happen in production?
Yes. We can see this error in Docker builds, CI/CD pipelines, and cloud servers.

❓ Is there a quick fix?
Yes, try to update pip, pip-system-certs and certifi.

Author’s Note

I have seen the error while install packages like spacy, requests etc. Once I updated pip and certifi the error went away.

Tested Python versions: 3.8 – 3.12
OS: Windows, Ubuntu, Docker

You can read our other blog on ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed

Related Posts

Subscribe
Subscribe