Python Server Specific SSL Certification Error [duplicate]











up vote
3
down vote

favorite













This question already has an answer here:




  • SSL error with Python requests despite up-to-date dependencies

    2 answers



  • Python Requests not handling missing intermediate certificate only from one machine

    1 answer




I'm trying to download a PDF from the following address:
https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



I've been using the requests library like this:



url = 'https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf'
site = requests.get(url)
with open('outfile.pdf','wb') as outfile:
outfile.write(site.content)


This week, I started receiving the following SSL error:



HTTPSConnectionPool(host='www1.sce.com', port=443): Max retries exceeded with url: /NR/sc3/tm2/pdf/ce12-12.pdf (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'),))



I've noticed that when I download the PDF in Chrome (via Dev Tools network monitoring), the GET request in the web browser returns code 302 and then makes a different GET request to the following url:



https://www1.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



If I tweak the code above and make a GET request with that URL, I receive the same SSL errors.



I've used this same code to download different PDFs from a different site, without errors:



url2 = 'https://www.pge.com/tariffs/assets/pdf/tariffbook/ELEC_SCHEDS_A-1.pdf'
site2 = requests.get(url2)
with open('outfile2.pdf','wb') as outfile:
outfile.write(site2.content)


I updated SSL on my computer and recompiled Python to use the updated SSL configuration. I get the following output when I run this in Python:



import ssl
print(ssl.OPENSSL_VERSION)
>>>OpenSSL 1.0.2h 3 May 2016


I can get the first URL to download if I specify "verify=False" in the requests command, but I'd prefer not to do that.



Does anyone have any insight as to what's going on? I think my SSL is working correctly in general, because the second HTTPS request goes through without an issue. I think there is something else going on specific to the way the first URL deals with requests, but I'm not exactly sure. The only discernible difference I've seen between url and url2 is that url has a cookie in the request header. There are no cookies in the request header for url2.



I'm running Python 3.5.2 and version 2.20.1 of the requests library.



Thanks in advance.










share|improve this question













marked as duplicate by Steffen Ullrich ssl
Users with the  ssl badge can single-handedly close ssl questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
Nov 20 at 5:21


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
    – Klaus D.
    Nov 20 at 2:38












  • The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
    – Steffen Ullrich
    Nov 20 at 5:23










  • Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
    – RainbowSchubert
    Nov 20 at 19:09















up vote
3
down vote

favorite













This question already has an answer here:




  • SSL error with Python requests despite up-to-date dependencies

    2 answers



  • Python Requests not handling missing intermediate certificate only from one machine

    1 answer




I'm trying to download a PDF from the following address:
https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



I've been using the requests library like this:



url = 'https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf'
site = requests.get(url)
with open('outfile.pdf','wb') as outfile:
outfile.write(site.content)


This week, I started receiving the following SSL error:



HTTPSConnectionPool(host='www1.sce.com', port=443): Max retries exceeded with url: /NR/sc3/tm2/pdf/ce12-12.pdf (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'),))



I've noticed that when I download the PDF in Chrome (via Dev Tools network monitoring), the GET request in the web browser returns code 302 and then makes a different GET request to the following url:



https://www1.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



If I tweak the code above and make a GET request with that URL, I receive the same SSL errors.



I've used this same code to download different PDFs from a different site, without errors:



url2 = 'https://www.pge.com/tariffs/assets/pdf/tariffbook/ELEC_SCHEDS_A-1.pdf'
site2 = requests.get(url2)
with open('outfile2.pdf','wb') as outfile:
outfile.write(site2.content)


I updated SSL on my computer and recompiled Python to use the updated SSL configuration. I get the following output when I run this in Python:



import ssl
print(ssl.OPENSSL_VERSION)
>>>OpenSSL 1.0.2h 3 May 2016


I can get the first URL to download if I specify "verify=False" in the requests command, but I'd prefer not to do that.



Does anyone have any insight as to what's going on? I think my SSL is working correctly in general, because the second HTTPS request goes through without an issue. I think there is something else going on specific to the way the first URL deals with requests, but I'm not exactly sure. The only discernible difference I've seen between url and url2 is that url has a cookie in the request header. There are no cookies in the request header for url2.



I'm running Python 3.5.2 and version 2.20.1 of the requests library.



Thanks in advance.










share|improve this question













marked as duplicate by Steffen Ullrich ssl
Users with the  ssl badge can single-handedly close ssl questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
Nov 20 at 5:21


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.











  • 1




    The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
    – Klaus D.
    Nov 20 at 2:38












  • The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
    – Steffen Ullrich
    Nov 20 at 5:23










  • Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
    – RainbowSchubert
    Nov 20 at 19:09













up vote
3
down vote

favorite









up vote
3
down vote

favorite












This question already has an answer here:




  • SSL error with Python requests despite up-to-date dependencies

    2 answers



  • Python Requests not handling missing intermediate certificate only from one machine

    1 answer




I'm trying to download a PDF from the following address:
https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



I've been using the requests library like this:



url = 'https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf'
site = requests.get(url)
with open('outfile.pdf','wb') as outfile:
outfile.write(site.content)


This week, I started receiving the following SSL error:



HTTPSConnectionPool(host='www1.sce.com', port=443): Max retries exceeded with url: /NR/sc3/tm2/pdf/ce12-12.pdf (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'),))



I've noticed that when I download the PDF in Chrome (via Dev Tools network monitoring), the GET request in the web browser returns code 302 and then makes a different GET request to the following url:



https://www1.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



If I tweak the code above and make a GET request with that URL, I receive the same SSL errors.



I've used this same code to download different PDFs from a different site, without errors:



url2 = 'https://www.pge.com/tariffs/assets/pdf/tariffbook/ELEC_SCHEDS_A-1.pdf'
site2 = requests.get(url2)
with open('outfile2.pdf','wb') as outfile:
outfile.write(site2.content)


I updated SSL on my computer and recompiled Python to use the updated SSL configuration. I get the following output when I run this in Python:



import ssl
print(ssl.OPENSSL_VERSION)
>>>OpenSSL 1.0.2h 3 May 2016


I can get the first URL to download if I specify "verify=False" in the requests command, but I'd prefer not to do that.



Does anyone have any insight as to what's going on? I think my SSL is working correctly in general, because the second HTTPS request goes through without an issue. I think there is something else going on specific to the way the first URL deals with requests, but I'm not exactly sure. The only discernible difference I've seen between url and url2 is that url has a cookie in the request header. There are no cookies in the request header for url2.



I'm running Python 3.5.2 and version 2.20.1 of the requests library.



Thanks in advance.










share|improve this question














This question already has an answer here:




  • SSL error with Python requests despite up-to-date dependencies

    2 answers



  • Python Requests not handling missing intermediate certificate only from one machine

    1 answer




I'm trying to download a PDF from the following address:
https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



I've been using the requests library like this:



url = 'https://www.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf'
site = requests.get(url)
with open('outfile.pdf','wb') as outfile:
outfile.write(site.content)


This week, I started receiving the following SSL error:



HTTPSConnectionPool(host='www1.sce.com', port=443): Max retries exceeded with url: /NR/sc3/tm2/pdf/ce12-12.pdf (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)'),))



I've noticed that when I download the PDF in Chrome (via Dev Tools network monitoring), the GET request in the web browser returns code 302 and then makes a different GET request to the following url:



https://www1.sce.com/NR/sc3/tm2/pdf/ce12-12.pdf



If I tweak the code above and make a GET request with that URL, I receive the same SSL errors.



I've used this same code to download different PDFs from a different site, without errors:



url2 = 'https://www.pge.com/tariffs/assets/pdf/tariffbook/ELEC_SCHEDS_A-1.pdf'
site2 = requests.get(url2)
with open('outfile2.pdf','wb') as outfile:
outfile.write(site2.content)


I updated SSL on my computer and recompiled Python to use the updated SSL configuration. I get the following output when I run this in Python:



import ssl
print(ssl.OPENSSL_VERSION)
>>>OpenSSL 1.0.2h 3 May 2016


I can get the first URL to download if I specify "verify=False" in the requests command, but I'd prefer not to do that.



Does anyone have any insight as to what's going on? I think my SSL is working correctly in general, because the second HTTPS request goes through without an issue. I think there is something else going on specific to the way the first URL deals with requests, but I'm not exactly sure. The only discernible difference I've seen between url and url2 is that url has a cookie in the request header. There are no cookies in the request header for url2.



I'm running Python 3.5.2 and version 2.20.1 of the requests library.



Thanks in advance.





This question already has an answer here:




  • SSL error with Python requests despite up-to-date dependencies

    2 answers



  • Python Requests not handling missing intermediate certificate only from one machine

    1 answer








python python-3.x ssl python-requests ssl-certificate






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 20 at 1:49









RainbowSchubert

283




283




marked as duplicate by Steffen Ullrich ssl
Users with the  ssl badge can single-handedly close ssl questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
Nov 20 at 5:21


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.






marked as duplicate by Steffen Ullrich ssl
Users with the  ssl badge can single-handedly close ssl questions as duplicates and reopen them as needed.

StackExchange.ready(function() {
if (StackExchange.options.isMobile) return;

$('.dupe-hammer-message-hover:not(.hover-bound)').each(function() {
var $hover = $(this).addClass('hover-bound'),
$msg = $hover.siblings('.dupe-hammer-message');

$hover.hover(
function() {
$hover.showInfoMessage('', {
messageElement: $msg.clone().show(),
transient: false,
position: { my: 'bottom left', at: 'top center', offsetTop: -7 },
dismissable: false,
relativeToBody: true
});
},
function() {
StackExchange.helpers.removeMessages();
}
);
});
});
Nov 20 at 5:21


This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.










  • 1




    The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
    – Klaus D.
    Nov 20 at 2:38












  • The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
    – Steffen Ullrich
    Nov 20 at 5:23










  • Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
    – RainbowSchubert
    Nov 20 at 19:09














  • 1




    The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
    – Klaus D.
    Nov 20 at 2:38












  • The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
    – Steffen Ullrich
    Nov 20 at 5:23










  • Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
    – RainbowSchubert
    Nov 20 at 19:09








1




1




The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
– Klaus D.
Nov 20 at 2:38






The server does not provide a proper certificate chain. You will have to add the intermediate certificate(s) to your trust store. How that happens depends on your OS.
– Klaus D.
Nov 20 at 2:38














The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
– Steffen Ullrich
Nov 20 at 5:23




The server is broken - incomplete trust chain. You can get the missing chain certificate from here. Download it as PEM and it it to your trust store as described in the answers to the other questions.
– Steffen Ullrich
Nov 20 at 5:23












Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
– RainbowSchubert
Nov 20 at 19:09




Thanks for the link Steffen! I downloaded the pem certificate and added it to the end of the certificates file that the certifi Python library is using. That fixed my problem!
– RainbowSchubert
Nov 20 at 19:09

















active

oldest

votes






















active

oldest

votes













active

oldest

votes









active

oldest

votes






active

oldest

votes

Popular posts from this blog

404 Error Contact Form 7 ajax form submitting

How to know if a Active Directory user can login interactively

Refactoring coordinates for Minecraft Pi buildings written in Python