Environmernt:
Digital Ocean Droplet – Ubuntu 20.04.2 LTS.
Certbot – manage certificated on NGINX
Python:3.10 running in docker container
Nature of error:
On making any request whether I get the SSL: CERTIFICATE_VERIFY_FAILED.
But in a case where my request fails I get a proper 400 error message from the server.
Error: (In this case I’m trying to register)
Internal Server Error: /auth/register/
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/django/core/handlers/exception.py", line 54, in inner
response = get_response(request)
File "/usr/local/lib/python3.10/site-packages/django/core/handlers/base.py", line 197, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/local/lib/python3.10/contextlib.py", line 79, in inner
return func(*args, **kwds)
File "/usr/local/lib/python3.10/site-packages/django/views/decorators/csrf.py", line 55, in wrapper_view
return view_func(*args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/django/views/generic/base.py", line 104, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/local/lib/python3.10/site-packages/rest_framework/views.py", line 509, in dispatch
response = self.handle_exception(exc)
File "/usr/local/lib/python3.10/site-packages/rest_framework/views.py", line 469, in handle_exception
self.raise_uncaught_exception(exc)
File "/usr/local/lib/python3.10/site-packages/rest_framework/views.py", line 480, in raise_uncaught_exception
raise exc
File "/usr/local/lib/python3.10/site-packages/rest_framework/views.py", line 506, in dispatch
response = handler(request, *args, **kwargs)
File "/app/apps/core/views.py", line 45, in post
data = UserService.register_user(email=email, serializer=serializer)
File "/app/apps/core/services/registration.py", line 13, in register_user
MailerClass.send_email(data)
File "/app/apps/core/utils.py", line 20, in send_email
email.send()
File "/usr/local/lib/python3.10/site-packages/django/core/mail/message.py", line 298, in send
return self.get_connection(fail_silently).send_messages([self])
File "/usr/local/lib/python3.10/site-packages/django/core/mail/backends/smtp.py", line 125, in send_messages
new_conn_created = self.open()
File "/usr/local/lib/python3.10/site-packages/django/core/mail/backends/smtp.py", line 90, in open
self.connection.starttls(context=self.ssl_context)
File "/usr/local/lib/python3.10/smtplib.py", line 790, in starttls
self.sock = context.wrap_socket(self.sock,
File "/usr/local/lib/python3.10/ssl.py", line 513, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.10/ssl.py", line 1071, in _create
self.do_handshake()
File "/usr/local/lib/python3.10/ssl.py", line 1342, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)
Error for a failed request: (In this case I’m trying to login with a wrong email)
{
"email": [
"email does not exist"
]
}
I tried reinstalling the certificate with certbot but the issue persists.
Note: This same endpoints worked properly until i added a second domain to certbot
2
Answers
Can’t post commentary yet so I’ll just do that here, I ran into the same problem not a long time ago. If you are working in a compagny, it is possible that they are blocking it (mine was using Zscaler). You could also check for your accepted certificates on your PC.
If it is none of those, here’s a link to someone who ran in almost the same issue : '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
It appears that a valid certificate which should be signed from a trusted CA is missing or certificate is self-signed or signed from the CA where CA chain is not trusted. You need to add that root or self-signed certificate in the trust store of the client.