mamba: SSL certificate issue when connecting to repos (conda handles certificate with no problem)

I’m getting SSL errors in mamba when it tries to connect to remote repos. conda connects to them just fine with the same setup.

I have the following line in my .condarc file:

ssl_verify: C:\path\certificate.cer

Here is the mamba error (showing “repoquery search” here, but “update” gets the same error message):

(base) PS C:\Users\myusername> mamba repoquery search plotly --no-banner

Executing the query plotly

plotly/noarch            [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK
conda-forge/win-64       [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK
conda-forge/noarch       [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK
plotly/win-64            [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK
default/win-64           [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK
default/noarch           [>                   ] (00m:06s) SSL peer certificate or SSH remote key was not OK

# >>>>>>>>>>>>>>>>>>>>>> ERROR REPORT <<<<<<<<<<<<<<<<<<<<<<

    Traceback (most recent call last):
      <snip>
      File "C:\Users\myusername\Miniconda3\lib\site-packages\mamba\utils.py", line 100, in get_index
        is_downloaded = dlist.download(True)
    RuntimeError: Download error (60) SSL peer certificate or SSH remote key was not OK [https://conda.anaconda.org/conda-forge/noarch/repodata.json]
    schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN

Here is the analogous conda call working:

(base) PS C:\Users\myusername> conda search plotly
Loading channels: done
# Name                       Version           Build  Channel
plotly                        1.12.4          py27_0  conda-forge
plotly                        1.12.4          py34_0  conda-forge
<snip>

As another data point, when I disconnect from my workplace network that the certificate is associated with and set ssl_verify: false, then the mamba command above works just fine. However this is not a complete solution for my needs.

Here are my versions:

(base) PS C:\Users\myusername> mamba --version
mamba 0.15.2
conda 4.10.3

Thanks!

About this issue

  • Original URL
  • State: open
  • Created 3 years ago
  • Reactions: 4
  • Comments: 27 (3 by maintainers)

Most upvoted comments

setting MAMBA_SSL_NO_REVOKE works for me $env:MAMBA_SSL_NO_REVOKE=1

#530

+3
aistellar on Aug 28, 2022

I think what you ran is in fact NOT curl but something built in to PowerShell that’s called curl

+1
jonashaag on Nov 7, 2022
Read more comments on GitHub
← mamba: RuntimeError: The process cannot access the file because it is being used by another process.
mamba: Undefined symbol: archive_write_add_filter_zstd →