pip安装失败,并显示“连接错误:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:598)”

问题:pip安装失败,并显示“连接错误:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:598)”

我是Python的新手,并尝试> pip install linkchecker在Windows 7上使用。

  • 无论软件包如何,pip安装都会失败。例如,> pip install scrapy还会导致SSL错误。
  • 原始安装的Python 3.4.1包含pip 1.5.6。我尝试做的第一件事是安装linkchecker。Python 2.7已经安装,它是ArcGIS附带的。python并且pip直到我安装3.4.1时才可从命令行使用。
  • > pip search linkchecker作品。可能是因为点子搜索无法验证站点的SSL证书。
  • 我在公司网络中,但是我们没有通过代理访问Internet。
  • 每台公司计算机(包括我的计算机)都具有受信任的根证书颁发机构,该证书颁发机构出于各种原因而被使用,包括启用对到https://google.com的 TLS流量的监视。不确定是否与此有关。

这是运行后我的pip.log的内容pip install linkchecker

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

I am very new to Python and trying to > pip install linkchecker on Windows 7. Some notes:

  • pip install is failing no matter the package. For example, > pip install scrapy also results in the SSL error.
  • Vanilla install of Python 3.4.1 included pip 1.5.6. The first thing I tried to do was install linkchecker. Python 2.7 was already installed, it came with ArcGIS. python and pip were not available from the command line until I installed 3.4.1.
  • > pip search linkchecker works. Perhaps that is because pip search does not verify the site’s SSL certificate.
  • I am in a company network but we do not go through a proxy to reach the Internet.
  • Each company computer (including mine) has a Trusted Root Certificate Authority that is used for various reasons including enabling monitoring TLS traffic to https://google.com. Not sure if that has anything to do with it.

Here are the contents of my pip.log after running pip install linkchecker:

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

回答 0

—–> pip install gensim config –global http.sslVerify否

只需使用“ config –global http.sslVerify false”语句安装任何软件包

您可以通过将pypi.org和设置files.pythonhosted.org为受信任的主机来忽略SSL错误。

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

注意:在2018年4月的某个时候,Python软件包索引从迁移pypi.python.orgpypi.org。这意味着使用旧域的“受信任主机”命令不再起作用。

永久修复

自发布pip 10.0起,您应该能够通过pip自我升级永久解决此问题:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip setuptools

或者通过重新安装以获得最新版本:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(…,然后get-pip.py与相关的Python解释器一起运行)。

pip install <otherpackage>应该在此之后工作。如果没有,那么您将需要做更多的事情,如下所述。


您可能需要将信任的主机和代理添加到配置文件中

pip.ini(Windows)或pip.conf(unix)

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

替代解决方案(安全程度较低)

大多数答案可能会带来安全问题。

帮助轻松安装大多数python软件包的两个解决方法是:

  • 使用easy_install:如果您确实很懒,不想浪费很多时间,请使用easy_install <package_name>。请注意,找不到某些软件包,或者会产生一些小错误。
  • 使用Wheel:下载python软件包Wheel并使用pip命令pip install wheel_package_name.whl安装该软件包。

—–> pip install gensim config –global http.sslVerify false

Just install any package with the “config –global http.sslVerify false” statement

You can ignore SSL errors by setting pypi.org and files.pythonhosted.org as trusted hosts.

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

Note: Sometime during April 2018, the Python Package Index was migrated from pypi.python.org to pypi.org. This means “trusted-host” commands using the old domain no longer work.

Permanent Fix

Since the release of pip 10.0, you should be able to fix this permanently just by upgrading pip itself:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip setuptools

Or by just reinstalling it to get the latest version:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(… and then running get-pip.py with the relevant Python interpreter).

pip install <otherpackage> should just work after this. If not, then you will need to do more, as explained below.


You may want to add the trusted hosts and proxy to your config file.

pip.ini (Windows) or pip.conf (unix)

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

Alternate Solutions (Less secure)

Most of the answers could pose a security issue.

Two of the workarounds that help in installing most of the python packages with ease would be:

  • Using easy_install: if you are really lazy and don’t want to waste much time, use easy_install <package_name>. Note that some packages won’t be found or will give small errors.
  • Using Wheel: download the Wheel of the python package and use the pip command pip install wheel_package_name.whl to install the package.

回答 1

您可以使用以下参数指定证书:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

请参阅:文档»参考指南»点

如果指定您公司的根证书无效,则可能无法使用cURL:http : //curl.haxx.se/ca/cacert.pem

您必须使用PEM文件而不是CRT文件。如果您有CRT文件,则需要将该文件转换为PEM。注释中有报告说,该报告现在可用于CRT文件,但我尚未验证。

还要检查:SSL证书验证

You can specify a cert with this param:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

See: Docs » Reference Guide » pip

If specifying your company’s root cert doesn’t work maybe the cURL one will work: http://curl.haxx.se/ca/cacert.pem

You must use a PEM file and not a CRT file. If you have a CRT file you will need to convert the file to PEM There are reports in the comments that this now works with a CRT file but I have not verified.

Also check: SSL Cert Verification.


回答 2

kenorb的答案非常有用(而且很棒!)。
在他的解决方案中,也许这是最简单的解决方案: --trusted-host

例如,在这种情况下,您可以

pip install --trusted-host pypi.python.org linkchecker

不需要pem文件(或其他任何文件)。

kenorb’s answer is very useful (and great!).
Among his solutions, maybe this is the most simple one: --trusted-host

For example, in this case you can do

pip install --trusted-host pypi.python.org linkchecker

The pem file(or anything else) is unnecessary.


回答 3

对我来说,问题的解决,创建一个文件夹 pip,一个文件:pip.iniC:\Users\<username>\AppData\Roaming\ 例如:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

我在里面写道:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

我重新启动python,然后pip永久信任这些站点,并使用它们从中下载软件包。

如果在Windows上找不到AppData文件夹,请写入%appdata%文件资源管理器,它将出现。

For me the problem was fixed by creating a folder pip, with a file: pip.ini in C:\Users\<username>\AppData\Roaming\ e.g:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

Inside it I wrote:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

I restarted python, and then pip permanently trusted these sites, and used them to download packages from.

If you can’t find the AppData Folder on windows, write %appdata% in file explorer and it should appear.


回答 4

答案是非常相似的,并且有些令人困惑。就我而言,就是公司网络中的证书。我能够使用以下方法解决该问题:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

如这里所见。如果不需要详细的输出,则可以省略-vvv参数

The answers are quite similar and a bit confusing. In my case, the certificates in my company’s network was the issue. I was able to work around the problem using:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

As seen here. The -vvv argument can be omited if verbose output is not required


回答 5

永久修复

pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org

例如:

pip install <package name> --trusted-host pypi.org --trusted-host files.pythonhosted.org

Permanent Fix

pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org

For eg:

pip install <package name> --trusted-host pypi.org --trusted-host files.pythonhosted.org

回答 6

要一劳永逸地解决此问题,您可以验证您是否有pip.conf文件。

pip.conf根据文档,这是您应该在的位置:

在Unix上,默认配置文件是:$HOME/.config/pip/pip.conf尊重XDG_CONFIG_HOME环境变量。

在macOS上,配置文件是$HOME/Library/Application Support/pip/pip.conf目录是否$HOME/Library/Application Support/pip存在$HOME/.config/pip/pip.conf

在Windows上,配置文件为%APPDATA%\pip\pip.ini

在virtualenv内部:

在Unix和macOS上,文件为 $VIRTUAL_ENV/pip.conf

在Windows上,文件为: %VIRTUAL_ENV%\pip.ini

pip.conf应该看起来像:

[global]
trusted-host = pypi.python.org

pip install linkcheckerlinkchecker创建pip.conf文件后安装无投诉。

To solve this problem once and for all, you can verify that you have a pip.conf file.

This is where your pip.conf should be, according to the documentation:

On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.

On macOS the configuration file is $HOME/Library/Application Support/pip/pip.conf if directory $HOME/Library/Application Support/pip exists else $HOME/.config/pip/pip.conf

On Windows the configuration file is %APPDATA%\pip\pip.ini.

Inside a virtualenv:

On Unix and macOS the file is $VIRTUAL_ENV/pip.conf

On Windows the file is: %VIRTUAL_ENV%\pip.ini

Your pip.conf should look like:

[global]
trusted-host = pypi.python.org

pip install linkchecker installed linkchecker without complains after I created the pip.conf file.


回答 7

我发现的最直接的方法是,从https://www.digicert.com/digicert-root-certificates.htm#roots从DigiCert下载和使用“ DigiCert高保证EV根CA”。

您可以通过单击地址栏中的锁定图标来访问https://pypi.python.org/以验证证书颁发者,或通过使用openssl来提高您的怪胎信誉:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

证书链中的最后一个CN值是您需要下载的CA的名称。

要一次性完成,请执行以下操作:

  1. 从DigiCert 下载CRT
  2. 将CRT转换为PEM格式
  3. 将PIP_CERT环境变量导出到PEM文件的路径

(最后一行假设您正在使用bash shell)在运行pip之前。

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

为了使其可重复使用,请将DigiCertHighAssuranceEVRootCA.crt放在公共位置,然后在〜/ .bashrc中相应地导出PIP_CERT。

The most straightforward way I’ve found, is to download and use the “DigiCert High Assurance EV Root CA” from DigiCert at https://www.digicert.com/digicert-root-certificates.htm#roots

You can visit https://pypi.python.org/ to verify the cert issuer by clicking on the lock icon in the address bar, or increase your geek cred by using openssl:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

The last CN value in the certificate chain is the name of the CA that you need to download.

For a one-off effort, do the following:

  1. Download the CRT from DigiCert
  2. Convert the CRT to PEM format
  3. Export the PIP_CERT environment variable to the path of the PEM file

(the last line assumes you are using the bash shell) before running pip.

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

To make this re-usable, put DigiCertHighAssuranceEVRootCA.crt somewhere common and export PIP_CERT accordingly in your ~/.bashrc.


回答 8

您可以通过以下方式解决问题CERTIFICATE_VERIFY_FAILED

  • 使用HTTP代替HTTPS(例如--index-url=http://pypi.python.org/simple/)。
  • 使用--cert <trusted.pem>CA_BUNDLE变量指定备用CA捆绑包。

    例如,您可以从Web浏览器转到失败的URL,然后将根证书导入到您的系统中。

  • 运行python -c "import ssl; print(ssl.get_default_verify_paths())"以检查当前的(验证是否存在)。

  • OpenSSL具有一对环境(SSL_CERT_DIRSSL_CERT_FILE),可用于指定不同的证书数据库PEP-476
  • 用于--trusted-host <hostname>将主机标记为可信。
  • 在Python中verify=False用于requests.get(请参阅:SSL证书验证)。
  • 使用--proxy <proxy>以避免证书检查。

有关更多信息,请参见套接字对象的TLS / SSL包装器-验证证书

You’ve the following possibilities to solve issue with CERTIFICATE_VERIFY_FAILED:

  • Use HTTP instead of HTTPS (e.g. --index-url=http://pypi.python.org/simple/).
  • Use --cert <trusted.pem> or CA_BUNDLE variable to specify alternative CA bundle.

    E.g. you can go to failing URL from web-browser and import root certificate into your system.

  • Run python -c "import ssl; print(ssl.get_default_verify_paths())" to check the current one (validate if exists).

  • OpenSSL has a pair of environments (SSL_CERT_DIR, SSL_CERT_FILE) which can be used to specify different certificate databasePEP-476.
  • Use --trusted-host <hostname> to mark the host as trusted.
  • In Python use verify=False for requests.get (see: SSL Cert Verification).
  • Use --proxy <proxy> to avoid certificate checks.

Read more at: TLS/SSL wrapper for socket objects – Verifying certificates.


回答 9

正确设置时间和日期!

对我来说,结果表明我的日期和时间在Raspberry Pi上配置错误。结果是使用https://files.pythonhosted.org/服务器,所有SSL和HTTPS连接均失败。

像这样更新它:

sudo date -s "Wed Thu  23 11:12:00 GMT+1 2018"
sudo dpkg-reconfigure tzdata

或直接以Google的时间为准:

参考:https : //superuser.com/a/635024/935136

sudo date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
sudo dpkg-reconfigure tzdata

Set Time and Date correct!

For me, it came out that my date and time was misconfigured on Raspberry Pi. The result was that all SSL and HTTPS connections failed, using the https://files.pythonhosted.org/ server.

Update it like this:

sudo date -s "Wed Thu  23 11:12:00 GMT+1 2018"
sudo dpkg-reconfigure tzdata

Or directly with e.g. Google’s time:

Ref.: https://superuser.com/a/635024/935136

sudo date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
sudo dpkg-reconfigure tzdata

回答 10

我最近遇到了这个问题,因为我公司的Web内容过滤器使用自己的证书颁发机构,以便可以过滤SSL流量。在我的情况下,PIP似乎没有使用系统的CA证书,从而产生了您提到的错误。后来将PIP降级到1.2.1版会带来一系列问题,因此我回到了Python 3.4附带的原始版本。

我的解决方法非常简单:使用easy_install。它要么不检查证书(例如旧的PIP版本),要么知道使用系统证书,因为它每次都对我有用,我仍然可以使用PIP卸载使用easy_install安装的软件包。

如果那行不通,并且您可以访问没有问题的网络或计算机,则可以始终设置自己的个人PyPI服务器:如何在没有镜像的情况下创建本地自己的pypi存储库索引?

我几乎做到了,直到我尝试将其easy_install作为最后的努力。

I recently ran into this problem because of my company’s web content filter that uses its own Certificate Authority so that it can filter SSL traffic. PIP doesn’t seem to be using the system’s CA certificates in my case, producing the error you mention. Downgrading PIP to version 1.2.1 presented its own set of problems later on, so I went back to the original version that came with Python 3.4.

My workaround is quite simple: use easy_install. Either it doesn’t check the certs (like the old PIP version), or it knows to use the system certs because it works every time for me and I can still use PIP to uninstall packages installed with easy_install.

If that doesn’t work and you can get access to a network or computer that doesn’t have the issue, you could always setup your own personal PyPI server: how to create local own pypi repository index without mirror?

I almost did that until I tried using easy_install as a last ditch effort.


回答 11

您可以尝试使用http而不是https来绕过SSL错误。当然,就安全性而言,并不是最佳选择,但是如果您急于使用它,可以采取以下措施:

pip install --index-url=http://pypi.python.org/simple/ linkchecker

You can try to bypass the SSL error by using http instead of https. Of course this is not optimal in terms of security, but if you are in a hurry it should do the trick:

pip install --index-url=http://pypi.python.org/simple/ linkchecker

回答 12

使用答案

pip install --trusted-host pypi.python.org <package>

工作。但是,您必须检查是否存在重定向或缓存pip命中。在Windows 7上pip 9.0.1,我必须运行

pip install \
  --trusted-host pypi.python.org \
  --trusted-host pypi.org \
  --trusted-host files.pythonhosted.org \
  <package>

您可以使用详细标志找到它们。

The answers to use

pip install --trusted-host pypi.python.org <package>

work. But you’ll have to check if there are redirects or caches pip is hitting. On Windows 7 with pip 9.0.1, I had to run

pip install \
  --trusted-host pypi.python.org \
  --trusted-host pypi.org \
  --trusted-host files.pythonhosted.org \
  <package>

You can find these with the verbose flag.


回答 13

我使用easy_install安装了pip 1.2.1,并升级到了最新版本的pip(当时为6.0.7),可以在我的情况下安装软件包。

easy_install pip==1.2.1
pip install --upgrade pip

I installed pip 1.2.1 with easy_install and upgraded to latest version of pip (6.0.7 at the time) which is able to install packages in my case.

easy_install pip==1.2.1
pip install --upgrade pip

回答 14

您有4个选择:

使用证书作为参数

$ pip install --cert /path/to/mycertificate.crt linkchecker

在证书中使用证书 pip.conf

创建此文件:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

并添加以下行:

[global]
cert = /path/to/mycertificate.crt

忽略证书并使用HTTP

$ pip install --trusted-host pypi.python.org linkchecker

忽略证书并在pip.conf中使用HTTP

创建此文件:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

并添加以下行:

[global]
trusted-host = pypi.python.org

资源

You have 4 options:

Using a certificate as parameter

$ pip install --cert /path/to/mycertificate.crt linkchecker

Using a certificate in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
cert = /path/to/mycertificate.crt

Ignoring certificate and using HTTP

$ pip install --trusted-host pypi.python.org linkchecker

Ignoring certificate and using HTTP in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
trusted-host = pypi.python.org

Source


回答 15

首先,

    pip install --trusted-host pypi.python.org <package name>

没有为我工作。我一直收到CERTIFICATE_VERIFY_FAILED错误。但是,我在错误消息中注意到它们引用了“ pypi.org”站点。因此,我将其用作受信任的主机名,而不是pypi.python.org。那几乎使我到了那里。CERTIFICATE_VERIFY_FAILED仍使加载失败,但是稍后。找到对失败网站的引用,我将其作为受信任的主机。最终对我有用的是:

    pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>

First of all,

    pip install --trusted-host pypi.python.org <package name>

did not work for me. I kept getting the CERTIFICATE_VERIFY_FAILED error. However, I noticed in the error messages that they referenced the ‘pypi.org’ site. So, I used this as the trusted host name instead of pypi.python.org. That almost got me there; the load was still failing with CERTIFICATE_VERIFY_FAILED, but at a later point. Finding the reference to the website that was failing, I included it as a trusted host. What eventually worked for me was:

    pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>

回答 16

我不确定这是否相关,但是我有一个类似的问题,可以通过将这些文件从Anaconda3 / Library / bin复制到Anaconda3 / DLLs来解决:

libcrypto-1_1-x64.dll

libssl-1_1-x64.dll

I’m not sure if this is related, but I had a similar problem which was fixed by copying these files from Anaconda3/Library/bin to Anaconda3/DLLs :

libcrypto-1_1-x64.dll

libssl-1_1-x64.dll


回答 17

pip install ftputil在64位Windows 7 Enterprise上尝试使用ActivePython 2.7.8,ActivePython 3.4.1和“常规” Python 3.4.2时遇到了相同的问题。所有尝试均以与OP相同的错误失败。

通过降级为pip 1.2.1解决了Python 3.4.2的问题:(easy_install pip==1.2.1请参阅https://stackoverflow.com/a/16370731/234235)。同样的修复也适用于ActivePython 2.7.8。

该bug于2013年3月报告,目前仍在打开:https : //github.com/pypa/pip/issues/829

Had the same problem trying pip install ftputil with ActivePython 2.7.8, ActivePython 3.4.1, and “stock” Python 3.4.2 on 64-bit Windows 7 Enterprise. All attempts failed with the same errors as OP.

Worked around the problem for Python 3.4.2 by downgrading to pip 1.2.1: easy_install pip==1.2.1 (see https://stackoverflow.com/a/16370731/234235). Same fix also worked for ActivePython 2.7.8.

The bug, reported in March 2013, is still open: https://github.com/pypa/pip/issues/829.


回答 18

直到我使用–verbose选项查看它想要进入files.pythonhosted.org而不是pypi.python.org为止,此页面上的所有内容都对我没有作用:

pip install --trusted-host files.pythonhosted.org <package_name>

因此,请通过–verbose选项检查实际失败的URL。

Nothing on this page worked for me until I used the –verbose option to see that it wanted to get to files.pythonhosted.org rather than pypi.python.org:

pip install --trusted-host files.pythonhosted.org <package_name>

So check the URL that it’s actually failing on via the –verbose option.


回答 19

我通过删除我的点子并安装了较旧版本的点子来解决此问题:https : //pypi.python.org/pypi/pip/1.2.1

I solved this problem by removing my pip and installing the older version of pip: https://pypi.python.org/pypi/pip/1.2.1


回答 20

您可以尝试忽略“ https”:

pip install --index-url=http://pypi.python.org/simple/ --trusted-host pypi.python.org  [your package..]

You can try this to ignore “https”:

pip install --index-url=http://pypi.python.org/simple/ --trusted-host pypi.python.org  [your package..]

回答 21

一种解决方案(对于Windows)是pip.ini%AppData%\pip\文件夹上创建一个名为的文件(如果该文件夹不存在,则创建该文件夹)并插入以下详细信息:

[global]
cert = C:/certs/python_root.pem
proxy = http://my_user@my_company.com:my_password@proxy_ip:proxy_port

…然后我们可以执行安装指令:

pip3 install PyQt5

另一个选择是使用代理和证书的参数来安装软件包。

$ pip3 install --proxy http://my_user@my_company.com:my_password@proxy_ip:proxy_port \
   --cert C:/certs/python_root.pem PyQt5

要将证书*.cer文件转换为所需*.pem格式,请执行以下指令:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

希望这对某人有帮助!

One solution (for Windows) is to create a file called pip.ini on the %AppData%\pip\ folder (create the folder if it doesn’t exist) and insert the following details:

[global]
cert = C:/certs/python_root.pem
proxy = http://my_user@my_company.com:my_password@proxy_ip:proxy_port

…and then we can execute the install instruction:

pip3 install PyQt5

Another option is to install the package using arguments for the proxy and certificate…

$ pip3 install --proxy http://my_user@my_company.com:my_password@proxy_ip:proxy_port \
   --cert C:/certs/python_root.pem PyQt5

To convert the certificate *.cer files to the required *.pem format execute the following instruction:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

Hope this helps someone!


回答 22

就我而言,这是由于SSL证书是由公司内部CA签署的。使用类似的解决方法pip --cert无济于事,但以下软件包提供了帮助:

pip install pip_system_certs

参见:https : //pypi.org/project/pip-system-certs/

该软件包修补pip并在运行时请求使用默认系统存储中的证书(而不是捆绑的证书ca)。

这将使pip可以验证与cert的服务器之间的tls / ssl连接是否受系统安装信任。

In my case it was due to SSL certificate being signed by internal CA of my company. Using workarounds like pip --cert did not help, but the following package did:

pip install pip_system_certs

See: https://pypi.org/project/pip-system-certs/

This package patches pip and requests at runtime to use certificates from the default system store (rather than the bundled certs ca).

This will allow pip to verify tls/ssl connections to servers who’s cert is trusted by your system install.


回答 23

对我来说,这是因为以前我正在运行将代理(设置为提琴手),重新打开控制台或重新启动的脚本,以解决此问题。

for me this is because previously I’m running script which set proxy (to fiddler), reopening console or reboot fix the problem.


回答 24

最近,我在Visual Studio 2015的python 3.6中遇到了同样的问题。花了2天后,我得到了解决方案及其对我来说很好的工作。

尝试使用pip或从Visual Studio安装numpy时出现以下错误收集numpy无法获取URL https://pypi.python.org/simple/numpy/:确认ssl证书时出现问题:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:748)-跳过找不到满足numpy要求的版本(来自版本:)找不到numpy的匹配发行版

解析度 :

对于Windows操作系统

  1. 打开->“%appdata%”如果不存在,则创建“ pip”文件夹。
  2. 在pip文件夹中创建“ pip.ini”文件。
  3. 编辑文件并编写
    [global]
    trusted-host = pypi.python.org保存并关闭文件。现在使用pip / visual studio安装,效果很好。

Recently I faced the same issue in python 3.6 with visual studio 2015. After spending 2 days, I got the solution and its working fine for me.

I got below error while try to install numpy using pip or from visual studio Collecting numpy Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748) – skipping Could not find a version that satisfies the requirement numpy (from versions: ) No matching distribution found for numpy

Resolution :

For Windows OS

  1. open -> “%appdata%” Create “pip” folder if not exists.
  2. In pip folder create “pip.ini” file.
  3. Edit file and write
    [global]
    trusted-host = pypi.python.org Save and Close the file. Now install using pip/visual studio it works fine.

回答 25

就我而言,我在最小的高山码头工人镜像中运行Python。它缺少根CA证书。固定:

apk update && apk add ca-certificates

In my case, I was running Python in the minimal alpine docker image. It was missing root CA certificates. Fix:

apk update && apk add ca-certificates


回答 26

瓦尔斯坦回答帮助了我。

我在电脑上的任何地方都找不到pip.ini文件。以下内容也是如此。

  1. 转到AppData文件夹。您可以通过打开命令提示符并键入echo%AppData%来获取appdata文件夹。

或者直接在Windows资源管理器中键入%AppData%。

  1. 在该appdata文件夹内创建一个名为pip的文件夹。

  2. 在您刚创建的pip文件夹中,创建一个名为pip.ini的简单文本文件。

  3. 使用您选择的简单编辑器将以下配置设置粘贴到该文件中。

pip.ini文件:

[list]
format=columns

[global]
trusted-host = pypi.python.org pypi.org

您现在应该可以进行了。

Vaulstein answer helped me.

I did not find the pip.ini file anywhere on my pc. So did the following.

  1. Went to the the AppData folder. You can get the appdata folder by opening up the command prompt and type echo %AppData%

Or simply type %AppData% in windows explorer.

  1. Create a folder called pip inside of that appdata folder.

  2. In that pip folder that you just created, create a simple textfile called pip.ini

  3. Past the following config settings in that file using a simple editor of your choice.

pip.ini file:

[list]
format=columns

[global]
trusted-host = pypi.python.org pypi.org

You should now be good to go.


回答 27

我遇到了类似的问题。对我有用的解决方案1)卸载python 2.7 2)删除python27文件夹3)重新安装最新的python

I faced a similar issue. The solution that worked for me 1) uninstall python 2.7 2) delete python27 folder 3) reinstall the latest python


回答 28

对我而言,建议的方法都无效-使用cert,HTTP,可信主机。

在我的情况下,切换到该程序包的另一个版本是可行的(在此实例中,paho-mqtt 1.3.1代替了paho-mqtt 1.3.0)。

看起来问题是特定于该软件包版本的。

For me none of the suggested methods worked – using cert, HTTP, trusted-host.

In my case switching to a different version of the package worked (paho-mqtt 1.3.1 instead of paho-mqtt 1.3.0 in this instance).

Looks like problem was specific to that package version.


回答 29

如果您的系统中缺少某些证书,则可能会出现此问题。例如,在opensuse上安装ca-certificates-mozilla

You may have this problem if some certificates are missing in your system.eg on opensuse install ca-certificates-mozilla