How to solve `CERTIFICATE_VERIFY_FAILED` error when install gcloud?
Question:
I tried to install gcloud in MacOs but failed. I tried two python versions 3.7.4 and 3.9.1 but both have the same issue. how can I install the gcloud? Is there any other dependencies I need?
$ python --version
Python 3.9.1
$ sh install.sh --screen-reader=true
Welcome to the Google Cloud SDK!
To help improve the quality of this product, we collect anonymized usage data
and anonymized stacktraces when crashes are encountered; additional information
is available at <https://cloud.google.com/sdk/usage-statistics>. This data is
handled in accordance with our privacy policy
<https://cloud.google.com/terms/cloud-privacy-notice>. You may choose to opt in this
collection now (by choosing 'Y' at the below prompt), or at any time in the
future by running the following command:
gcloud config set disable_usage_reporting false
Do you want to help improve the Google Cloud SDK (y/N)? y
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 667, in urlopen
self._prepare_proxy(conn)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 930, in _prepare_proxy
conn.connect()
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connection.py", line 361, in connect
self.sock = ssl_wrap_socket(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/util/ssl_.py", line 382, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 232, in <module>
main()
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 210, in main
Install(pargs.override_components, pargs.additional_components)
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 151, in Install
_CLI.Execute(['--quiet', 'components', 'list'])
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 1008, in Execute
self._HandleAllErrors(exc, command_path_string, specified_arg_names)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 1045, in _HandleAllErrors
exceptions.HandleError(exc, command_path_string, self.__known_error_handler)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/exceptions.py", line 551, in HandleError
core_exceptions.reraise(exc)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
six.reraise(type(exc_value), exc_value, tb)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/six/__init__.py", line 693, in reraise
raise value
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 982, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 809, in Run
resources = command_instance.Run(args)
File "/Users/joey/Downloads/google-cloud-sdk/lib/surface/components/list.py", line 102, in Run
result = update_manager.List(show_hidden=args.show_hidden,
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 714, in List
to_print, current_version, latest_version = self._GetPrintListWithDiff()
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 750, in _GetPrintListWithDiff
_, diff = self._GetStateAndDiff(command_path='components.list')
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 641, in _GetStateAndDiff
latest_snapshot = self._GetLatestSnapshot(version=version,
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 624, in _GetLatestSnapshot
return snapshots.ComponentSnapshot.FromURLs(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 178, in FromURLs
data = [
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 179, in <listcomp>
(ComponentSnapshot._DictFromURL(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 204, in _DictFromURL
response = installers.MakeRequestViaRequests(url, command_path)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 203, in MakeRequestViaRequests
return _RawRequestViaRequests(url, headers=headers, timeout=timeout)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 251, in _RawRequestViaRequests
return retryer.RetryOnException(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/util/retry.py", line 195, in RetryOnException
exceptions.reraise(exc_info[1], tb=exc_info[2])
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
six.reraise(type(exc_value), exc_value, tb)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/six/__init__.py", line 693, in reraise
raise value
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/util/retry.py", line 176, in TryFunc
return func(*args, **kwargs), None
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 281, in _ExecuteRequestAndRaiseExceptions
response = requests_session.get(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/transport.py", line 243, in WrappedRequest
response = orig_request(*modified_args, **modified_kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/requests.py", line 198, in WrappedRequest
return orig_request_method(*args, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
Answers:
There could be many possible reasons for this error, proxy configuration would be the one but as you mentioned you have no proxy configured to your network so, the cause could be something else. In order to Authenticate whether this error has occurred due to proxy or not, you can try running below commands:
$ curl https://dl.google.com/
Output: <a href="https://www.google.com/chrome"> Found </a>
If you get a different output from the above mentioned one then, you’re behind a proxy or portal.
You can refer to this stackoverflow thread, where a cloud support user has given an answer by providing various possible reasons that could cause this SSL error, he has also provided the workaround for resolving this error.
Try disabling antivirus settings, if there is any such software installed.
adding export CLOUDSDK_PYTHON="/usr/bin/python3" to my .zshrc (zshell profile) solved the problem for me. I am using a mac.
Until i added the above to my profile, this issue didn’t go away but i also did the following not sure if all these steps were needed in solving this issue:
- Install latest python 3 from https://www.python.org/downloads/. I used python 3.10.4.
- Ran python 3.10 Install Certificates.command by going to Applications folder, then python 3.10 and running "Install Certificates.command".
- added my corporate cert in /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/certifi/cacert.pem
Run below command to disable ssl verification
gcloud config set auth/disable_ssl_validation True
This worked for me:
- Extract the google-cloud-sdk.zip that the installer downloads.
- Open up google-cloud-sdklibthird_partyrequestssession.py
- Change the line "self.verify = True" to "self.verify = False"
- Run the install.bat in the root if the directory you extracted to.
- Profit
I tried to install gcloud in MacOs but failed. I tried two python versions 3.7.4 and 3.9.1 but both have the same issue. how can I install the gcloud? Is there any other dependencies I need?
$ python --version
Python 3.9.1
$ sh install.sh --screen-reader=true
Welcome to the Google Cloud SDK!
To help improve the quality of this product, we collect anonymized usage data
and anonymized stacktraces when crashes are encountered; additional information
is available at <https://cloud.google.com/sdk/usage-statistics>. This data is
handled in accordance with our privacy policy
<https://cloud.google.com/terms/cloud-privacy-notice>. You may choose to opt in this
collection now (by choosing 'Y' at the below prompt), or at any time in the
future by running the following command:
gcloud config set disable_usage_reporting false
Do you want to help improve the Google Cloud SDK (y/N)? y
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 667, in urlopen
self._prepare_proxy(conn)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 930, in _prepare_proxy
conn.connect()
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connection.py", line 361, in connect
self.sock = ssl_wrap_socket(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/util/ssl_.py", line 382, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/Users/joey/.pyenv/versions/3.9.1/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/connectionpool.py", line 724, in urlopen
retries = retries.increment(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 232, in <module>
main()
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 210, in main
Install(pargs.override_components, pargs.additional_components)
File "/Users/joey/Downloads/google-cloud-sdk/bin/bootstrapping/install.py", line 151, in Install
_CLI.Execute(['--quiet', 'components', 'list'])
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 1008, in Execute
self._HandleAllErrors(exc, command_path_string, specified_arg_names)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 1045, in _HandleAllErrors
exceptions.HandleError(exc, command_path_string, self.__known_error_handler)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/exceptions.py", line 551, in HandleError
core_exceptions.reraise(exc)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
six.reraise(type(exc_value), exc_value, tb)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/six/__init__.py", line 693, in reraise
raise value
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/cli.py", line 982, in Execute
resources = calliope_command.Run(cli=self, args=args)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/calliope/backend.py", line 809, in Run
resources = command_instance.Run(args)
File "/Users/joey/Downloads/google-cloud-sdk/lib/surface/components/list.py", line 102, in Run
result = update_manager.List(show_hidden=args.show_hidden,
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 714, in List
to_print, current_version, latest_version = self._GetPrintListWithDiff()
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 750, in _GetPrintListWithDiff
_, diff = self._GetStateAndDiff(command_path='components.list')
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 641, in _GetStateAndDiff
latest_snapshot = self._GetLatestSnapshot(version=version,
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/update_manager.py", line 624, in _GetLatestSnapshot
return snapshots.ComponentSnapshot.FromURLs(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 178, in FromURLs
data = [
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 179, in <listcomp>
(ComponentSnapshot._DictFromURL(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/snapshots.py", line 204, in _DictFromURL
response = installers.MakeRequestViaRequests(url, command_path)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 203, in MakeRequestViaRequests
return _RawRequestViaRequests(url, headers=headers, timeout=timeout)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 251, in _RawRequestViaRequests
return retryer.RetryOnException(
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/util/retry.py", line 195, in RetryOnException
exceptions.reraise(exc_info[1], tb=exc_info[2])
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/exceptions.py", line 146, in reraise
six.reraise(type(exc_value), exc_value, tb)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/six/__init__.py", line 693, in reraise
raise value
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/util/retry.py", line 176, in TryFunc
return func(*args, **kwargs), None
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/updater/installers.py", line 281, in _ExecuteRequestAndRaiseExceptions
response = requests_session.get(
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 546, in get
return self.request('GET', url, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/transport.py", line 243, in WrappedRequest
response = orig_request(*modified_args, **modified_kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/googlecloudsdk/core/requests.py", line 198, in WrappedRequest
return orig_request_method(*args, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "/Users/joey/Downloads/google-cloud-sdk/lib/third_party/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='dl.google.com', port=443): Max retries exceeded with url: /dl/cloudsdk/channels/rapid/components-2.json (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1123)')))
There could be many possible reasons for this error, proxy configuration would be the one but as you mentioned you have no proxy configured to your network so, the cause could be something else. In order to Authenticate whether this error has occurred due to proxy or not, you can try running below commands:
$ curl https://dl.google.com/
Output: <a href="https://www.google.com/chrome"> Found </a>
If you get a different output from the above mentioned one then, you’re behind a proxy or portal.
You can refer to this stackoverflow thread, where a cloud support user has given an answer by providing various possible reasons that could cause this SSL error, he has also provided the workaround for resolving this error.
Try disabling antivirus settings, if there is any such software installed.
adding export CLOUDSDK_PYTHON="/usr/bin/python3" to my .zshrc (zshell profile) solved the problem for me. I am using a mac.
Until i added the above to my profile, this issue didn’t go away but i also did the following not sure if all these steps were needed in solving this issue:
- Install latest python 3 from https://www.python.org/downloads/. I used python 3.10.4.
- Ran python 3.10 Install Certificates.command by going to Applications folder, then python 3.10 and running "Install Certificates.command".
- added my corporate cert in /Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/site-packages/certifi/cacert.pem
Run below command to disable ssl verification
gcloud config set auth/disable_ssl_validation True
This worked for me:
- Extract the google-cloud-sdk.zip that the installer downloads.
- Open up google-cloud-sdklibthird_partyrequestssession.py
- Change the line "self.verify = True" to "self.verify = False"
- Run the install.bat in the root if the directory you extracted to.
- Profit