Problem connecting to the API after replacing the ssl certificate

procoprobocop · November 20, 2023, 5:45am

Hi, everybody
I have a notebook on Jupiter where I created an application on “Voila”. This application is available via the API for my device to read data from the database.
Everything worked fine until I updated the SSL on the hosting. The certificate is valid, but when accessing the database:

server_url = 'https://seatable.mysite.com '
api_token = '653f81b4a7aa1f36215a54c67183c1d84534e608'
base1 = Base(api_token, server_url)
base1.auth()

I get an error message:

SSLCertVerificationError Traceback (most recent call last)
/opt/tljh/user/lib/python3.9/site-packages/urllib3/connectionpool.py in urlopen(self, method, url, body, headers, retries, redirection, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
698 # Make a request to the httplib connection object.
--> 699 httplib_response = self._make_request(
700 conn,

/opt/tljh/user/lib/python3.9/site-packages/urllib3/connectionpool.py in _make_request(self, conn, method, url, timeout, fragmented, **httplib_request_kw)
381 try:
--> 382 self._validate_conn(connection)
383 except for (socketTimeout, BaseSSLError) like e:

/opt/tljh/user/lib/python3.9/site-packages/urllib3/connectionpool.py in _validate_conn(self, conn)
1009 if not getattr(conn, "sock", None): #AppEngine may not have `.sock`
-> 1010 connection.connect()
1011

/opt/tljh/user/lib/python3.9/site-packages/urllib3/connection.py in connection mode (self)
415
--> 416 self.sock = ssl_wrap_socket(
417 sock=conn,

/opt/tljh/user/lib/python3.9/site-packages/urllib3/util/ssl_.py in ssl_wrap_socket(sock, keyfile, certfile, cert_reqs, ca_certs, server_hostname, ssl_version, ciphers, ssl_context, ca_cert_dir, key_password, ca_cert_data, tls_in_tls)
448 if send_sni:
--> 449 ssl_sock = _ssl_wrap_socket_impl(
450 sock, context, tls_in_tls, server_name=server_name

/opt/tljh/user/lib/python3.9/site-packages/urllib3/util/ssl_.py in _ssl_wrap_socket_impl(sock, ssl_context, tls_in_tls, server_hostname)
492 if server_name:
--> 493 returns ssl_context.wrap_socket(sock, server_hostname=server_name)
...
SSLError: HTTPSConnectionPool(host='seatable.mysite.com ', port=443): Exceeded the maximum number of retries with url: /api/v2.1/dtable/app-access-token/ (Caused by SSLError error(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verification error: failed to get a certificate from a local issuer (_ssl.c:1129)')))

Please tell me how to solve this problem?

rdb · November 20, 2023, 6:31am

What kind of a certificate do you use? A self-signed certificate?

procoprobocop · November 20, 2023, 6:34am

No, the certificate was issued by a certifying certification authority. It is provided by hosting.

rdb · November 20, 2023, 1:12pm

How did you replace the SSL certificate? The new SSL certificate must be available within the seatable container. Did you check that?

procoprobocop · November 20, 2023, 1:20pm

I didn’t know about it. I just replaced the expired certificate on the hosting with a new one, it did not affect
the work of SeaTable in any way.
“The new SSL certificate must be available in a portable container” - how to check it?

rdb · November 20, 2023, 4:28pm

Nginx and Python use different certificate stores. I assume that the certificate store used by Nginx can verify your SSL certificate, whereas Python’s certificate store does not.

This is NOT a SeaTable restriction!

You can add update the certificate store used by Python. There is a lot of info available online. Unfortunately, this is not a trivial topic.

procoprobocop · November 21, 2023, 2:55pm

I decided to add an environment variable:

import os
os.environ['REQUESTS_CA_BUNDLE'] = '/etc/ssl/certs/ca-certificates.crt'

rdb · November 22, 2023, 2:28pm

Your problem is solved?

system · November 27, 2023, 7:31am

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.