I am receiving the following error during the execution of the authentication step: “client.authenticate(refresh_token=‘570010…fda74e’)”
And the error message is as follows:
ConnectionError: (None, SSLError(MaxRetryError(“HTTPSConnectionPool(host=‘hostname’, port=port number): Max retries exceeded with url: /api/user/oauth2/token (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)’)))”)))
I have also attached the screenshot the error. Any help in this regards will be greatly appreciated.
This could happen due to a proxy being set in your environment. If you have a proxy set, be sure to keep localhost or 127.0.0.1 in the no_proxy field in /etc/squirro/common.ini so that any calls being made to SquirroClient needn’t go through the proxy.
If this still doesn’t solve your issue/if you don’t have any such proxy, I suggest you investigate which CA bundle you are using in your environment, and check the environment variables in /etc/sysconfig/squirro
Here, double-check what CA Bundle is being referenced in the variable REQUESTS_CA_BUNDLE, or if this variable doesn’t exist yet, set this to point to your CA Bundle that you have set on your server during server setup.
Lastly, do check and try updating the certifi library via pip. pip install --upgrade certifi
Hello Raghav,
Thank you for the response.
I was unable to identify the proxy setting in the environment, is this the python environment or Squirro environment? Where do I find the CA bundle? Could you please elaborate on these steps.
I have tried the last step to upgrade certifi but the issue still persist.
Looking forward to your details on the steps to fix the issue.
Regarding checking for Proxies - take a look at /etc/squirro/common.ini.
Here, you may need to add localhost in your no_proxy field inside the proxy section. For reference, you can check this out -
Make sure to add localhost and 127.0.0.1 under no_proxy.
Regarding the CA Bundle, it depends on how the server was set up - try checking /etc/pki/tls/certs in your environment to check where it exists. It usually is placed in those directories.
Then cross-check what variable is set in the REQUESTS_CA_BUNDLE in /etc/sysconfig/squirro, and if the directory matches where the CA Bundle is placed.