[英]Python SSL requests and Let's Encrypt certs
I'm struggling at the moment to get the requests library to perform a simple GET
request to a site of mine with a Let's Encrypt certificate. 我现在正在努力让请求库使用Let的加密证书对我的网站执行一个简单的
GET
请求。 All's well with the site and I can access it from Chrome just fine. 一切都很好的网站,我可以从Chrome访问它就好了。 (I'm running OSX El Capitan at the moment).
(我现在正在运行OSX El Capitan)。
First I tried doing a GET
request to the site: 首先,我尝试向网站发出
GET
请求:
>>> import requests
>>> requests.get('https://example.com')
This gives me: 这给了我:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
I then tried various things, including getting hold of the Let's Encrypt authority certificate , and the following openssl
command verifies my site's certificate successfully: 然后,我尝试了各种各样的事情,包括获取Let的加密权限证书 ,以下
openssl
命令成功验证我的站点的证书:
> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443
The output of which included the following towards the bottom: 其输出包括以下内容:
...
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: ...
Session-ID-ctx:
Master-Key: ...
Key-Arg : None
Start Time: 1452865123
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. 也许我在这里遗漏了一些东西,但它看起来好像我的网站已经根据我提供的Let's Encrypt授权证书进行了验证。 So, I happily changed my Python code to:
所以,我很高兴地将我的Python代码更改为:
>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')
But I still keep getting the requests.exceptions.SSLError
error. 但我仍然不断收到
requests.exceptions.SSLError
错误。 I've also tried using the DER
format of the authority certificate, but then I get the following error from requests
: 我也尝试使用权威证书的
DER
格式,但后来我从requests
得到以下错误:
requests.exceptions.SSLError: unknown error (_ssl.c:2825)
Can anybody perhaps educate me as to how to go about fixing this? 任何人都可以教我如何解决这个问题吗?
听起来您机器上的CA CERTS不是最新的,或者Web服务器未配置为服务于完整的证书链。
On OSX you can export all the certs in your keychain access to a .pem file and then point requests to that file: http://movingpackets.net/2015/03/18/telling-openssl-about-your-root-certificates/ 在OSX上,您可以将钥匙串访问中的所有证书导出到.pem文件,然后将请求指向该文件: http : //movingpackets.net/2015/03/18/telling-openssl-about-your-root-certificates /
CA_BUNDLE = path_to_your_exported_file.pem
response = requests.get(user_account_url, verify=CA_BUNDLE)
For any lost soul that stumbled upon this post while looking for a Windows Fix for this issue. 对于任何迷失的灵魂,在寻找此问题的Windows修补程序时偶然发现了这篇文章。
Using Chrome: 使用Chrome:
Disclaimer: Using Chrome 67.0.3396.99 with Windows 10 64-Bit. 免责声明:使用Chrome 67.0.3396.99与Windows 10 64位。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.