By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.

🐛 Bug

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)>

error when running comet-score on python >3.7 MacOS.

To Reproduce

Install python via homebrew, create a virtual environment with comet and then run comet-score .

Screenshots

Environment

OS: macOS Mojave 10.14.6

Additional context

It seems that, for some reason, Brew has not run the Install Certificates.command that comes in the Python3 bundle for Mac.

The solution to this issue is to run the following script (copied from Install Certificates.command) after brew install python3:

# install_certifi.py
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi
import os
import os.path
import ssl
import stat
import subprocess
import sys
STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )
def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)
    print(" -- pip install --upgrade certifi")
    subprocess.check_call([sys.executable,
        "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])
    import certifi
    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")
if __name__ == '__main__':
    main()

We started observing this problem on GHA/macOS, when adding Python 3.11 to the test matrix. It still works on any other operating system or Python version. Your suggestion fixed the problem, @ricardorei . Thanks a stack.

I honestly was desesperated for an answer to this problem, and no teacher in my university could help me...
Don't have any words to express how greatful I'm for this solution!