Solved : Certificate Verify Unable to Get Local Issuer Certificate

Posted on by Thomas Butler

The error “certificate verify failed: unable to get local issuer certificate” typically occurs when a program (e.g., Python, curl, or an API client) can’t verify the SSL certificate of the server because it doesn’t have access to a trusted root certificate authority (CA).

🔧 Common Causes

  1. Missing CA certificates (your system or language runtime doesn’t have the right CA chain).

  2. Outdated certificate bundle (especially in Python or macOS).

  3. Behind a proxy/firewall that intercepts SSL (e.g., corporate networks).

  4. The server itself has a misconfigured SSL cert chain (less common).

✅ Solutions by Environment

🐍 Python (Requests, pip, urllib)

  1. Use certifi (trusted CA bundle):

    import requests
    import certifi    response = requests.get(“https://example.com”, verify=certifi.where())

  2. Update CA Certs:

    • If you’re on macOS, run:

      /Applications/Python 3.x/Install Certificates.command

    • Or reinstall certifi:

      pip install --upgrade certifi

  3. Disable SSL verification (not recommended for production):

    requests.get("https://example.com", verify=False)

Also Read : Peacock Military Discount

🧰 Curl / Command Line

  • Update CA bundle on your system:

    sudo apt-get install ca-certificates # Debian/Ubuntu
    sudo yum install ca-certificates # Red Hat/CentOS

  • Test with curl:

    curl -v https://example.com

🌍 macOS Users (Python via Homebrew)

Run this script:

/Applications/Python\ 3.x/Install\ Certificates.command

It installs the missing certs needed for HTTPS verification by Python.

🏢 Corporate or Proxy Networks

If you’re behind a firewall or proxy that uses SSL inspection, you may need to:

  • Export your organization’s root cert

  • Add it to the trusted CA bundle in your tool (e.g., Python, curl, browser)

🔒 Final Tip

You can test the server’s SSL certificate chain with:

openssl s_client -connect example.com:443 -showcerts.
The “certificate verify failed: unable to get local issuer certificate” error occurs when your system or application cannot verify the authenticity of a website’s SSL/TLS certificate because it’s missing the necessary root or intermediate certificatesThis prevents establishing a secure connection, as the client (your system/application) cannot confirm that the website’s certificate was issued by a trusted authority. 

Leave a Reply

Your email address will not be published. Required fields are marked *