local issuer certificate error uniquely in docker with python

Question

Following error occurs only with docker app in python when making request to an https url.

<urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>

Outside of docker, the app works. I can fetch the same URL inside the docker image of other language app such as dotnet.

I have tried:

1. RUN update-ca-certificates
2. Install certfi library and manually supply the certificates during making the call
3. Manually insert the certificates that comes with certify library in different locations of docker images such as /usr/local/share/ca-certificates/, /etc/ssl/certs/ and RUN update-ca-certificates
4. Tried different versions (3.6.9, 3.8.4) and providers (alpine, buster, slim-buster ) of python.
5. Setting different env variables such as REQUESTS_CA_BUNDLE, SSL_CERT_FILE etc.
6. Use different libraries such as requests, urllib, urllib3

.... and really large number of different things.

It of course works when I turn the verify off, but I want to keep verification.

Answer 1

I was having this issue in an ARM Ubuntu 20.04 container.

I installed ca-certificates and curl, but I still couldn't use curl. For me the fix ended up being adding the following before calling curl:

export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt