ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY

Summary: Error occurs when Python cannot verify the SSL/TLS certificate of a remote server while making HTTPS requests, installing packages using pip or calling APIs in scripts, virtual environments, Docker containers or production servers.

Checkout cool headphones on Amazon

What does ssl certificate_verify_failed mean ?

While making an HTTPS request using Python we need to verify the server’s SSL certificate is trusted, valid and issued by a known Certificate Authority (CA). This error means:

Python tried to have a secure connection to a requested server
But the SSL certificate verification step failed
Python aborted the connection for security reasons

I have actually encountered this error in the following places:

Terminal (pip install, curl-like operations)
IDE logs (VS Code, PyCharm)
Jupyter Notebook when calling APIs
Production logs (Flask, FastAPI, Django, background workers)

Example:

Recently while hitting an external 3rd party API using requests library in python i had got the error “ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed”

Why did ssl certificate_verify_failed?

The error can come due to several real world reasons. Below are few common errors which I have seen in production

1. Missing or Outdated CA Certificates

Python relies on a bundle of trusted root certificates to verify HTTPS connections. If this certificate bundle is

Missing
Outdated
Corrupted

Python is unable to verify the server certificate.

Example that triggers the error:

import requests

requests.get("https://api.github.com")

This often happens on:

Fresh OS installs
Minimal Docker images
Corporate machines with custom SSL inspection

2. Virtual Environments & pip Issues

Sometimes Virtual environments are not able to inherit system certificates correctly. Common scenarios:

Using pip inside a venv
Conda or Poetry managing Python
Mixing system Python with venv Python

This is why the error is very common during:

pip install <package>

Especially on:

Windows
macOS
Corporate networks

Proxy, MITM, or Self-Signed Certificates

I had created a self signed SSL certificate using openssl for my college project for which I had the same error when I tried to hit the API served on the server by using a client machine. In enterprise or cloud environments:

Traffic may go through a proxy
SSL may be inspected
APIs may use self-signed certificates

Python rejects these by default because they are not trusted. Examples:

Docker containers behind a corporate proxy
Internal APIs with self-signed certs
Cloud SDKs (AWS, Azure, GCP) on restricted networks

how to fix ssl certificate_verify_failed error in python (Step-by-Step)

Step 1: Identify the Root Cause

First I had checked:

Full traceback
Whether the error happens in all environments or only one
Whether HTTPS works in the browser but not in Python

I also had tested:

import ssl
print(ssl.get_default_verify_paths())

This helped me confirm that whether Python knew where to find trusted certificates.

Step 2: Apply the Fix

Incorrect approach

requests.get("https://example.com", verify=False)

Disableing SSL verification is dangerous in production.

Corrected approaches (safe fixes)

Option 1: Update certificates

pip install --upgrade urllib3 pyopenssl requests certify certifi

import certifi
import requests

requests.get(
    "https://example.com",
    verify=certifi.where()
)

Option 2: Fix system certificates (Linux / Docker)

sudo apt update
sudo apt install -y ca-certificates
sudo update-ca-certificates

For Docker:

RUN apt-get update && apt-get install -y ca-certificates

Option 3: For Corporate proxy / custom CA

requests.get(
    "https://internal-api.company.com",
    verify="/path/to/company-ca.pem"
)

Step 3: Let us now verify the Fix

Re-ran the script
Confirmed HTTPS requests succeeded
Verified no verify=False shortcuts were left behind

Common Mistakes That Trigger This Error

Using verify=False as a permanent fix
Forgetting to install ca-certificates in Docker
Mixing system Python and virtualenv Python
Using outdated Python versions
Running behind a proxy without configuring SSL
Assuming “it works in browser” means Python will trust it

How to Prevent This Error in Production

Always keep CA certificates updated
Pin dependencies using requirements.txt or pyproject.toml
Avoid disabling SSL verification
Use official base images for Docker

Defensive Coding Example

import requests
import certifi

def safe_get(url):
    return requests.get(url, verify=certifi.where(), timeout=10)

Related Python Errors You May Face Next

requests.exceptions.SSLError
urllib3.exceptions.SSLError
ConnectionError: Max retries exceeded
TimeoutError
ProxyError

Frequently Asked Questions (FAQ)

Is this a Python error? No, it is not actually Python is enforcing SSL security. The error is related to configuration and installation of SSL certificates. Does the ssl.SSLCertVerificationError depend on Python version? Yes, there are chances of as the Older Python versions ship with outdated certificate bundles, increasing the likelihood of this error. Can this happen in production? Absolutely yes, It is a common error in Docker, cloud servers, CI/CD pipelines, and corporate networks.

Author’s Personal Experience

I was working on Python backend services, API integrations, and Dockerized applications at that time I faced this error. After debugging it on local machines, Linux servers, and cloud setups, I had found that missing, outdated dependencies, mismatched CA certificates or configuration was the real issue. Once I had fixed the certificate chain the error disappeared consistently across environments. Tested Python versions: 3.9 – 3.12 OS: Windows, Ubuntu, Docker You can also read our other blog on Solving error: module datetime has no attribute “now” in Python.