stackoom
  简体   繁体   中英

“SSL: CERTIFICATE_VERIFY_FAILED” Error when publish MQTT, AWS IoT

 原文  2020-12-14 08:07:29       python/ aws-lambda/ boto3/ aws-sam-cli

Question

I am getting the following error:

[ERROR] SSLError: SSL validation failed for https://data.iot.ap-northeast-2.amazonaws.com/topics/app%2Ftest%2Fresponse?qos=1 [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1124)
Traceback (most recent call last):
  File "/var/task/app.py", line 197, in lambda_handler
    mqttcli.test('test', '11111', {}, 1, 200)
  File "/opt/python/lib/python3.8/site-packages/connectors/MQTTClient.py", line 40, in test
    response = self._iot_client.publish(
  File "/var/task/botocore/client.py", line 357, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/var/task/botocore/client.py", line 662, in _make_api_call
    http, parsed_response = self._make_request(
  File "/var/task/botocore/client.py", line 682, in _make_request
    return self._endpoint.make_request(operation_model, request_dict)
  File "/var/task/botocore/endpoint.py", line 102, in make_request
    return self._send_request(request_dict, operation_model)
  File "/var/task/botocore/endpoint.py", line 136, in _send_request
    while self._needs_retry(attempts, operation_model, request_dict,
  File "/var/task/botocore/endpoint.py", line 253, in _needs_retry
    responses = self._event_emitter.emit(
  File "/var/task/botocore/hooks.py", line 356, in emit
    return self._emitter.emit(aliased_event_name, **kwargs)
  File "/var/task/botocore/hooks.py", line 228, in emit
    return self._emit(event_name, kwargs)
  File "/var/task/botocore/hooks.py", line 211, in _emit
    response = handler(**kwargs)
  File "/var/task/botocore/retryhandler.py", line 183, in __call__
    if self._checker(attempts, response, caught_exception):
  File "/var/task/botocore/retryhandler.py", line 250, in __call__
    should_retry = self._should_retry(attempt_number, response,
  File "/var/task/botocore/retryhandler.py", line 277, in _should_retry
    return self._checker(attempt_number, response, caught_exception)
  File "/var/task/botocore/retryhandler.py", line 316, in __call__
    checker_response = checker(attempt_number, response,
  File "/var/task/botocore/retryhandler.py", line 222, in __call__
    return self._check_caught_exception(
  File "/var/task/botocore/retryhandler.py", line 359, in _check_caught_exception
    raise caught_exception
  File "/var/task/botocore/endpoint.py", line 200, in _do_get_response
    http_response = self._send(request)
  File "/var/task/botocore/endpoint.py", line 269, in _send
    return self.http_session.send(request)
  File "/var/task/botocore/httpsession.py", line 281, in send
    raise SSLError(endpoint_url=request.url, error=e)

This is the code that is causing this error:

_iot_client = boto3.client('iot-data',
                                aws_access_key_id=AWS_ACCESS_KEY_ID,
                                aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
                                region_name= REGION_NAME)
    response = _iot_client.publish(
        topic = "app/test/response",
        qos = 1,
        payload = json.dumps(
            {
                'msgid': msgid,
                'status': status,
                'data': payload
            }
        )
    )

There is no error in S3 or other services through boto3. only iot-data.

It works without any problems when i run the.py.

but an error occurs when running after deploy to lambda.

There was no error until recently.

3 answers

solution1
 11  2020-12-16 18:55:05

We also are experiencing this issue, in our case, an update in the "certifi" library (requests dependency) was causing some conflict with boto3 iot publish, rolling back the version solved the problem, although we are not entirely sure what exactly was failing.

solution2
 0  2022-02-01 23:18:44

You need to get the "Data-ATS" endpoint instead of the untrusted "Symantec" endpoint that's built-in. Try this:

import boto3


def get_aws_iot_ats_endpoint():
    """
    Get the "Data-ATS" endpoint instead of the
    untrusted "Symantec" endpoint that's built-in.
    """
    iot_client = boto3.client(
        "iot",
        aws_access_key_id=AWS_ACCESS_KEY_ID,
        aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
        region_name= REGION_NAME,
        verify=True
    )
    details = iot_client.describe_endpoint(endpointType="iot:Data-ATS")
    host = details.get("endpointAddress")
    return f"https://{host}"


IOT_DATA_ENDPOINT = get_aws_iot_ats_endpoint()

client_iot = boto3.client(
    "iot-data",
    aws_access_key_id=AWS_ACCESS_KEY_ID,
    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,
    region_name= REGION_NAME,
    verify=True,
    endpoint_url=IOT_DATA_ENDPOINT
)

response = client_iot.publish(
        topic = "app/test/response",
        qos = 1,
        payload = json.dumps(
            {
                'msgid': msgid,
                'status': status,
                'data': payload
            }
        )
    )

solution3
 -4  2021-01-07 18:18:04

I had the same error.

Simply insert this at the beginning of your code:`

from botocore.exceptions import ClientError

It should work.

Best.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS IoT MQTT using WebSocket : CERTIFICATE_VERIFY_FAILED AWS IOT Data: CERTIFICATE_VERIFY_FAILED SSL: CERTIFICATE_VERIFY_FAILED error when curator access elasticsearch SSL error CERTIFICATE_VERIFY_FAILED with Locust when using Docker SSL: CERTIFICATE_VERIFY_FAILED error when loading data into seaborn? SSL: CERTIFICATE_VERIFY_FAILED error on windows “SSL: CERTIFICATE_VERIFY_FAILED” Error on mac Python SSL error CERTIFICATE_VERIFY_FAILED urllib and "SSL: CERTIFICATE_VERIFY_FAILED" Error SSL error - certificate verify failed - AWS IOT (basicPubSub.py)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM