Description:
We are using self-hosted runners with GitHub Enterprise Cloud, and our enterprise is behind a proxy that requires a certificate for applications to communicate with the internet. When we try to install the setup-python, it fails with the error "unable to get local issuer certificate." How can we provide our proxy certificate to the setup-python job? Is there a way to configure pip to use system certificates?
Action version:
5.3.0
Platform:
Ubuntu
macOS
Windows
Runner type:
Hosted
Self-hosted
Tools version:
All
Repro steps:
Use setup-python action in workflow
Run workflow
Expected behavior:
The specified Python version should be available for the workflow in the following steps.
Actual behavior:
Setup-python failing with below error.
Version 3.10.16 was not found in the local cache
Version 3.10.16 is available for downloading
Download from "https://github.com/actions/python-versions/releases/download/3.10.16-12302993382/python-3.10.16-linux-22.04-x64.tar.gz"
Extract downloaded archive
/usr/bin/tar xz --warning=no-unknown-keyword --overwrite -C /_w/_temp/35258474-fb58-47ec-98d0-e5e7a4a3c88c -f /_w/_temp/ecbac867-76f1-457c-a98d-e3417c786295
Execute installation script
Check if Python hostedtoolcache folder exist...
Creating Python hostedtoolcache folder...
Create Python 3.10.16 folder
Copy Python binaries to hostedtoolcache folder
Create additional symlinks (Required for the UsePythonVersion Azure Pipelines task and the setup-python GitHub Action)
Upgrading pip...
Looking in links: /tmp/tmpt_3vpy3m
Requirement already satisfied: setuptools in /_w/_tool/Python/3.10.16/x64/lib/python3.10/site-packages (65.5.0)
Requirement already satisfied: pip in /_w/_tool/Python/3.10.16/x64/lib/python3.10/site-packages (23.0.1)
Error: WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
Error: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))': /simple/pip/
Error: WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))': /simple/pip/
Error: WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))': /simple/pip/
Error: WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))': /simple/pip/
Error: WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))': /simple/pip/
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1007)'))) - skipping
Error: ERROR: Could not find a version that satisfies the requirement pip (from versions: none)
Error: ERROR: No matching distribution found for pip
Error: The process '/usr/bin/bash' failed with exit code 1
Hello @chandrakanthbala,
To resolve the SSL certificate verification error when using self-hosted runners behind a proxy, follow these steps to configure pip to use your proxy certificates:
Ensure OpenSSL is Installed:
Make sure the self-hosted runner environment has OpenSSL libraries installed.
Install Proxy Certificate:
Ensure the proxy's certificate is available and trusted by the system. Copy the proxy's certificate to the system's trusted certificates directory and update the certificates:
Configure pip to use the Proxy Certificate:
You can create a pip.conf file in the runner environment to use the system certificates. Add the following to the pip.conf file:
Refer to pip configuration files for how to locate your pip.conf, or where to put it if you need to create one.
Use the REQUESTS_CA_BUNDLE Environment Variable:
Set the REQUESTS_CA_BUNDLE environment variable to point to your proxy certificate. Add the following step before the setup-python action in your workflow YAML:
```yaml
steps:
  - name: Set up proxy certificate
    run: echo "REQUESTS_CA_BUNDLE=/path/to/your/proxy/certificate.crt" >> $GITHUB_ENV
  - uses: actions/setup-python@v5
    with:
      python-version: '3.10'
```
Replace /path/to/your/proxy/certificate.crt with the actual path to your proxy certificate.
By following these steps, you should be able to configure the setup-python action to use the proxy certificate and resolve the SSL certificate verification error.
Additionally, could you please confirm whether you are experiencing this issue with Python version 3.10.15 as well, or is it only occurring with version 3.10.16? Also, could you provide more details about the self-hosted runner you are using? Specifically, are you using a containerized environment?
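An added example, not part of the reply above or of the setup-python project: the file named by REQUESTS_CA_BUNDLE replaces the default trust store rather than adding to it, so a runner that also reaches hosts without the proxy needs a bundle holding both the public roots and the proxy CA. The sketch below merges two PEM files idempotently and rejects a proxy CA exported as DER instead of PEM; the function names are hypothetical and the PEM blocks are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL
)

def fingerprints(pem_text):
    """Map the SHA-256 fingerprint of each certificate's DER bytes to its PEM block."""
    found = {}
    for block in PEM_BLOCK.findall(pem_text):
        der = ssl.PEM_cert_to_DER_cert(block)
        found[hashlib.sha256(der).hexdigest()] = block
    return found

def merge_bundle(base_pem, extra_pem):
    """Return (merged_pem, added); added lists fingerprints missing from base_pem."""
    base = fingerprints(base_pem)
    extra = fingerprints(extra_pem)
    if not extra:
        # Typical cause: the CA was exported as binary DER (.cer), not PEM.
        raise ValueError("no PEM certificate found in the proxy CA file")
    added = [fp for fp in extra if fp not in base]
    merged = base_pem.rstrip("\n") + "\n"
    for fp in added:
        merged += extra[fp] + "\n"
    return merged, added

def _constructed_pem(label):
    # Constructed placeholder: well-formed PEM framing around arbitrary bytes.
    body = base64.encodebytes(label.encode() * 8).decode().strip()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----"

PUBLIC_ROOT = _constructed_pem("constructed public root")
PROXY_CA = _constructed_pem("constructed proxy CA")

if __name__ == "__main__":
    merged, added = merge_bundle(PUBLIC_ROOT + "\n", PROXY_CA + "\n")
    print(len(fingerprints(merged)), "certificates in bundle,", len(added), "added")
```

On a runner, `base_pem` would be the contents of the existing CA bundle and `extra_pem` the proxy CA file; write the merged text to a new file and point REQUESTS_CA_BUNDLE at that file.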