Common SSL issues on Python and how to fix it

TLDR:

Python’s CERTIFICATE_VERIFY_FAILED errors happen when your system can’t chain the server’s certificate back to a trusted root.
The safe fix is to update your system’s CA certificates — install certifi, or run Install Certificates.command on macOS.
Disabling SSL verification works as a development-only workaround but should never ship to production.

The error

When a Python HTTP client connects to your Chainstack endpoint over HTTPS, it validates the server’s TLS certificate by chaining it back to a trusted root certificate authority. If your system’s CA bundle is outdated or missing, you’ll see errors like:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate

Recommended fix: refresh your CA bundle

Update `certifi` (all OSes)

The certifi package ships Mozilla’s CA bundle for Python. Updating it covers most cases:

pip install --upgrade certifi

If you use requests, urllib, aiohttp, or httpx, they pick up the updated bundle automatically the next time they construct a default SSL context.

Install Certificates (macOS only)

Python installers on macOS don’t always install the system certificates. Run the bundled installer:

Open Spotlight (Cmd + Space).
Type Install Certificates.command and run it.

This installs certifi’s CA bundle into the Python you launched.

Explicit certifi-aware context

If updating certifi alone doesn’t take effect, build the SSL context explicitly:

import ssl
import certifi
from urllib.request import urlopen

url = "https://ethereum-mainnet.core.chainstack.com/AUTH_KEY"
context = ssl.create_default_context(cafile=certifi.where())
response = urlopen(url, context=context)

Development-only workarounds

These workarounds disable certificate validation. Use only for local debugging — never in production. Skipping verification makes your connection vulnerable to man-in-the-middle attacks.

Unverified `ssl` context

import ssl
import urllib.request

context = ssl._create_unverified_context()
urllib.request.urlopen(url, context=context)

Override the default HTTPS context

import ssl

ssl._create_default_https_context = ssl._create_unverified_context

`requests` with `verify=False`

import requests

requests.get(url, verify=False)

​The error

​Recommended fix: refresh your CA bundle

​Update certifi (all OSes)

​Install Certificates (macOS only)

​Explicit certifi-aware context

​Development-only workarounds

​Unverified ssl context

​Override the default HTTPS context

​requests with verify=False

​See also

The error

Recommended fix: refresh your CA bundle

Update `certifi` (all OSes)

Install Certificates (macOS only)

Explicit certifi-aware context

Development-only workarounds

Unverified `ssl` context

Override the default HTTPS context

`requests` with `verify=False`

See also