Can't get Python to work with TLS Interception, always UnknownIssuer

Hi guys, after updating to the current release, all Python applications fail to download their dependencies.

Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

Before the update, everything worked fine (to note, I just downgraded and tested again, the issue persists. So I am unsure if this is actually related to the update). I have the following env's in place.

      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla

      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla

my init_script runs and adds the certificates to the system store. If I run either

pip install httpx

pip install httpx

uv pip install httpx

uv pip install httpx

in the shell of the worker, I don't face the issue. I feel like the worker is creating a separate environment that does not respect the placed env's. I also added

WHITELIST_ENVS

WHITELIST_ENVS

with no effect. If I run a simple Python script that prints the values env's above, the values are printed correctly. I do not have any issue pulling dependencies for rust or typescript. Any help would be appreciated.

Windmill•15mo ago•

29 replies

huschplay

Can't get Python to work with TLS Interception, always UnknownIssuer

Hi guys, after updating to the current release, all Python applications fail to download their dependencies.

Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla

      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla

my init_script runs and adds the certificates to the system store. If I run either

pip install httpx

pip install httpx

uv pip install httpx

uv pip install httpx

in the shell of the worker, I don't face the issue. I feel like the worker is creating a separate environment that does not respect the placed env's. I also added

WHITELIST_ENVS

WHITELIST_ENVS

Can't get Python to work with TLS Interception, always UnknownIssuer

Similar Threads

Can't get Python to work with TLS Interception, always UnknownIssuer

Similar Threads

Similar Threads

Similar Threads