Python SSL 请求和让我们加密证书 [英] Python SSL requests and Let's Encrypt certs
问题描述
我目前正在努力让 requests 库执行一个使用 Let's Encrypt 证书向我的网站发出简单的 GET
请求.该网站一切正常,我可以从 Chrome 访问它就好了.(我目前正在运行 OSX El Capitan).
首先,我尝试向站点发出 GET
请求:
这给了我:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:590)
然后我尝试了各种方法,包括获取让我们加密权威证书,以及以下openssl
命令成功验证我网站的证书:
>openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443
其输出包括以下内容:
<代码>...SSL 会话:协议:TLSv1密码:DHE-RSA-AES256-SHA会话 ID:...会话 ID-ctx:主密钥: ...键参数:无开始时间:1452865123超时:300(秒)验证返回码:0(确定)---
也许我在这里遗漏了一些东西,但在我看来,我的网站好像已经根据我提供的 Let's Encrypt 权威证书进行了验证.所以,我很高兴地将我的 Python 代码更改为:
<预><代码>>>>requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')但我仍然不断收到 requests.exceptions.SSLError
错误.我也试过使用权威证书的 DER
格式,但随后我从 requests
中得到以下错误:
requests.exceptions.SSLError: 未知错误 (_ssl.c:2825)
有人可以教我如何解决这个问题吗?
听起来您的计算机上的 CA CERTS 不是最新的,或者 Web 服务器未配置为提供完整的证书链.
I'm struggling at the moment to get the requests library to perform a simple GET
request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome just fine. (I'm running OSX El Capitan at the moment).
First I tried doing a GET
request to the site:
>>> import requests
>>> requests.get('https://example.com')
This gives me:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
I then tried various things, including getting hold of the Let's Encrypt authority certificate, and the following openssl
command verifies my site's certificate successfully:
> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443
The output of which included the following towards the bottom:
...
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: ...
Session-ID-ctx:
Master-Key: ...
Key-Arg : None
Start Time: 1452865123
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. So, I happily changed my Python code to:
>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')
But I still keep getting the requests.exceptions.SSLError
error. I've also tried using the DER
format of the authority certificate, but then I get the following error from requests
:
requests.exceptions.SSLError: unknown error (_ssl.c:2825)
Can anybody perhaps educate me as to how to go about fixing this?
Sounds like your CA CERTS on the machine are not up to date or the web server is not configured to server the full certificate chain.
这篇关于Python SSL 请求和让我们加密证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!