python-slack-sdk: SSL Certification error

Description

I’ve built a bot in python 3.7 using a virtual engine, when I come to run the code I get this error:

/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
Traceback (most recent call last):
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/slackclient/server.py", line 179, in connect_slack_websocket
    http_proxy_auth=proxy_auth)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/websocket/_core.py", line 494, in create_connection
    websock.connect(url, **options)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/websocket/_core.py", line 217, in connect
    options.pop('socket', None))
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/websocket/_http.py", line 126, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/websocket/_http.py", line 253, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/websocket/_http.py", line 232, in _wrap_sni_socket
    server_hostname=hostname,
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 850, in _create
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/ssl.py", line 1108, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1045)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/slackclient/client.py", line 52, in rtm_connect
    self.server.rtm_connect(use_rtm_start=with_team_state, **kwargs)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/slackclient/server.py", line 147, in rtm_connect
    self.connect_slack_websocket(self.ws_url)
  File "/Users/sophie/Dropbox/Programming/gallagherbot/lib/python3.7/site-packages/slackclient/server.py", line 186, in connect_slack_websocket
    raise SlackConnectionError(message=str(e))
slackclient.server.SlackConnectionError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1045)

Connection failed. Exception traceback printed above.

This seems similar to this: https://github.com/slackapi/python-slackclient/issues/325 but I tried the User’s suggestion and it hasn’t changed anything.

I have the bot’s ‘Bot User OAuth Access Token’ stored as a variable which I refer to in the code

Any suggestions?

Describe your issue here.

What type of issue is this? (place an `x` in one of the `[ ]`)

[x ] bug
enhancement (feature request)
question
documentation related
testing related
discussion

Requirements (place an `x` in each of the `[ ]`)

[x ] I’ve read and understood the Contributing guidelines and have done my best effort to follow them.
[x ] I’ve read and agree to the Code of Conduct.
[x ] I’ve searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

slackclient version:

python version: 3.7

OS version(s):

Steps to reproduce:

Expected result:

What you expected to happen

Actual result:

What actually happened

Attachments:

Logs, screenshots, screencast, sample project, funny gif, etc.

About this issue

Original URL
State: closed
Created 6 years ago
Comments: 35 (8 by maintainers)

Most upvoted comments

This is sloved my problem…

cd /Applications/Python\ 3.7/
./Install\ Certificates.command

+75

rpujakesuma on Oct 26, 2018

that works for me, i’ve seen it, the aiohttp expects a ssl_context, buuut… the web_client really needs to avoid this kind of exception, because the ssl parameter is optional in constructor.

import ssl
import slack
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
client = slack.WebClient(token='yourtoken',
                         ssl=ssl_context)

response = client.chat_postMessage(
    channel='#yourchannel',
    text="message, etc..")

+49

VFagundes on Aug 11, 2019

I have run into the same exact problem today. I fixed it by downgrading the websocket-client library to 0.47.0

+37

KoalaTea on Jul 12, 2018

This is sloved my problem…
cd /Applications/Python\ 3.7/
./Install\ Certificates.command

Worked for me too

hammao on Feb 2, 2019

Hey, I just ran into a similiar problem in another project and googling has this as the top result bringing me back. Doing as you linked fixed the issue. “./Applications/Python\ x.x/Install\ Certificates.command” caused it to work. on versions above 0.47.0

KoalaTea on Sep 13, 2018

There are a couple of things that can be done: 1. Downgrading the websocket-client library to 0.47.0 2. Or, download the certificate (wget https://www.tbs-certificats.com/issuerdata/DigiCertGlobalRootCA.crt), then set the environment variable export WEBSOCKET_CLIENT_CA_BUNDLE=DigiCertGlobalRootCA.crt

cmaliwal on Oct 26, 2018

that works for me, i’ve seen it, the aiohttp expects a ssl_context, buuut… the web_client really needs to avoid this kind of exception, because the ssl parameter is optional in constructor.
import ssl
import slack
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
client = slack.WebClient(token='yourtoken',
                         ssl=ssl_context)

response = client.chat_postMessage(
    channel='#yourchannel',
    text="message, etc..")

This worked for me unlike the other proposed solutions here.

limoneren on Mar 30, 2020

There are a couple of things that can be done: 1. Downgrading the websocket-client library to 0.47.0 2. Or, download the certificate (wget https://www.tbs-certificats.com/issuerdata/DigiCertGlobalRootCA.crt), then set the environment variable export WEBSOCKET_CLIENT_CA_BUNDLE=DigiCertGlobalRootCA.crt

I’ve also found success setting the Requests or OpenSSL certificates:

# https://docs.python-requests.org/en/msater/user/advanced/#ssl-cert-verification
os.environ['REQUESTS_CA_BUNDLE'] = 'YourRootCertificate.crt'  # Requests
os.environ['SSL_CERT_FILE'] = 'YourRootCertificate.crt'  # OpenSSL
os.environ['SSL_CERT_DIR'] = '/path/to/your/certificates/'

rgmz on Mar 27, 2019

i made an issue for my suggestion: websocket-client/websocket-client#451. if the maintainers indicate that they’d merge that change in, we can contribute the code.

aoberoi on Jul 13, 2018

Due to the fact that no changes should be made in this library I’m closing this issue. The workarounds posted above should be explored if you need to remain on v1 of this project. (i.e. You need to use Python 2.7) I’d encourage all others to take advantage of all the new features in v2 by following the migration guide. SSL configuration is better supported in v2. You can take a look at one approach to doing this with the new client in the tutorial.

RodneyU215 on May 5, 2019

I’ve also had success setting the ssl context:

import urllib.request
import ssl

ssl._create_default_https_context = ssl._create_unverified_context
r = urllib.request.urlopen('https://google.com')
print(r.status)
print(r)

mochoaim on Feb 13, 2023

I named possible solutions in https://github.com/websocket-client/websocket-client/issues/451#issuecomment-417918570 if you care to try.

minus7 on Sep 2, 2018