Python SSL 请求和让我们加密证书 [英] Python SSL requests and Let's Encrypt certs

查看：32 发布时间：2021/12/31 20:17:48 python ssl openssl python-requests lets-encrypt

本文介绍了Python SSL 请求和让我们加密证书的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我目前正在努力让 requests 库执行一个使用 Let's Encrypt 证书向我的网站发出简单的 GET 请求.该网站一切正常，我可以从 Chrome 访问它就好了.(我目前正在运行 OSX El Capitan).

首先，我尝试向站点发出 GET 请求:

<预><代码>>>>进口请求>>>requests.get('https://example.com')

这给了我:

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:590)

然后我尝试了各种方法，包括获取让我们加密权威证书，以及以下openssl 命令成功验证我网站的证书:

>openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443

其输出包括以下内容:

<代码>...SSL 会话:协议:TLSv1密码:DHE-RSA-AES256-SHA会话 ID:...会话 ID-ctx:主密钥: ...键参数:无开始时间:1452865123超时:300(秒)验证返回码:0(确定)---

也许我在这里遗漏了一些东西，但在我看来，我的网站好像已经根据我提供的 Let's Encrypt 权威证书进行了验证.所以，我很高兴地将我的 Python 代码更改为:

<预><代码>>>>requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')

但我仍然不断收到 requests.exceptions.SSLError 错误.我也试过使用权威证书的 DER 格式，但随后我从 requests 中得到以下错误:

requests.exceptions.SSLError: 未知错误 (_ssl.c:2825)

有人可以教我如何解决这个问题吗?

解决方案

听起来您的计算机上的 CA CERTS 不是最新的，或者 Web 服务器未配置为提供完整的证书链.

I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome just fine. (I'm running OSX El Capitan at the moment).

First I tried doing a GET request to the site:

>>> import requests
>>> requests.get('https://example.com')

This gives me:

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I then tried various things, including getting hold of the Let's Encrypt authority certificate, and the following openssl command verifies my site's certificate successfully:

> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443

The output of which included the following towards the bottom:

...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: ...
    Session-ID-ctx: 
    Master-Key: ...
    Key-Arg   : None
    Start Time: 1452865123
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. So, I happily changed my Python code to:

>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')

But I still keep getting the requests.exceptions.SSLError error. I've also tried using the DER format of the authority certificate, but then I get the following error from requests:

requests.exceptions.SSLError: unknown error (_ssl.c:2825)

Can anybody perhaps educate me as to how to go about fixing this?

解决方案

Sounds like your CA CERTS on the machine are not up to date or the web server is not configured to server the full certificate chain.

这篇关于Python SSL 请求和让我们加密证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

Python SSL 请求和让我们加密证书 [英] Python SSL requests and Let's Encrypt certs

问题描述

相关文章

Python最新文章

热门教程

热门工具

登录关闭

Python SSL 请求和让我们加密证书 [英] Python SSL requests and Let&#39;s Encrypt certs

问题描述

相关文章

Python最新文章

热门教程

热门工具

登录 关闭

Python SSL 请求和让我们加密证书 [英] Python SSL requests and Let's Encrypt certs

登录关闭