The below code is for getting the regions.
import boto3
ec2 = boto3.client('ec2', 'region-name')
print(ec2.describe_regions())
On executing this code on my machine, I'm getting this error.
botocore.exceptions.SSLError: SSL validation failed for https://ec2.region-name.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)
I am running this code on Windows 10 machine with VS code as my editor. I looked for other answers where they required to install Install Certificates.command
file. However, looks like it is found on macOS only.
Can someone tell me the reason for this issue as well?
Also, last week got a notification from AWS that they are updating all their AWS FIPS endpoints to TLS 1.2 and hence need to connect to TLS version 1.2 FIPS endpoints. I checked my TLS version here. It says I have TLS version 1.2. Is there anything related to this? Because prior to this notification, my script was running perfectly.
Please someone tell the reason for this error and possible correction. Also, correct me if I mentioned something wrong with my understanding.
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate
is because Python ssl
library can't find certificates on your local machine to verify against.
One way to debug is to see if you have your ca_bundle
set to something else:
python -c "from botocore.session import Session; print(Session().get_config_variable('ca_bundle'))"
If it doesn't print anything, then it uses default path. You can check default path by:
python -c "import ssl; print(ssl.get_default_verify_paths())"
If ca_bundle
prints something, then it's set by AWS_CA_BUNDLE
environment variable or by aws configure set default.ca_bundle <some path>
in the past. Also check ~/.aws/config
if you accidentally setting it there (config file location for Windows: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html).
Install Certificates.command
is basically a Python script that you can run yourself https://gist.github.com/marschhuynh/31c9375fc34a3e20c2d3b9eb8131d8f3 . Save as install-cert.py
and run it python install-cert.py
This question has already been answered on Stack Overflow before.
Try out the following solutions:
Note: There is another solution related to disabling the SSL verification but that is not recommended.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With