WindmillWWindmill
Powered by
huschplayH
Windmill•13mo ago•
27 replies
huschplay

Can't get Python to work with TLS Interception, always UnknownIssuer

Hi guys, after updating to the current release, all Python applications fail to download their dependencies.
Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/certifi/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer


Before the update, everything worked fine (to note, I just downgraded and tested again, the issue persists. So I am unsure if this is actually related to the update). I have the following env's in place.
      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla
      - INIT_SCRIPT=/tmp/use_ca.sh
      - REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - DENO_TLS_CA_STORE=system,mozilla

my init_script runs and adds the certificates to the system store. If I run either 
pip install httpx
pip install httpx
 or 
uv pip install httpx
uv pip install httpx
 in the shell of the worker, I don't face the issue. I feel like the worker is creating a separate environment that does not respect the placed env's. I also added
WHITELIST_ENVS
WHITELIST_ENVS
with no effect. If I run a simple Python script that prints the values env's above, the values are printed correctly. I do not have any issue pulling dependencies for rust or typescript. Any help would be appreciated.
WindmillJoin
3,362Members
Resources
Recent Announcements

Similar Threads

Was this page helpful?
Recent Announcements
henri-c

Weekly kenote to tell you about our latest updates https://discord.com/channels/930051556043276338/1278977038430240813 https://youtube.com/live/2dGd9TdT8xs?feature=share

henri-c · 4d ago

Pyra

### HTTP tracing (EE) Capture HTTP requests made by job scripts as observability spans Features: - View HTTP request traces (method, URL, status, timing) in the job details UI - Auto-instrumentation for Native TypeScript, MITM proxy for other languages - Integrates with external OpenTelemetry collectors changelog: https://www.windmill.dev/changelog/http-tracing docs: https://www.windmill.dev/docs/advanced/instance_settings#http-tracing Additionally jobs memory metrics are now fully OSS!

Pyra · 2w ago

henri-c

First keynote of the year here https://discord.com/channels/930051556043276338/1278977038430240813 🙂

henri-c · 4w ago

Similar Threads

can't make mobile styles work
fevaFfeva / help
15mo ago
can not run python code
EricEEric / help
2y ago
Can't get a simple button working
andnessAandness / help
3y ago
Can't get custom React component to show up on screen
carlos.silva7Ccarlos.silva7 / help
15mo ago