I got Request failed due to connection error: [SSL: CERTIFICATE_VERIFY_FAIL]

Answer these questions to help the Community help you with Security questions.

What is the domain name?
adxasia.co.id & api.adxasia.co.id

Have you searched for an answer?
yes

Please share your search results url:
many sources but none of them works

When you tested your domain, what were the results?
our device client raspberry pi 3 requests with https and return certificate verify failed

Describe the issue you are having:
never happened before, it just happened on 17 march 2024, when our device raspi client request https, the return always certificate verify failed, in all of our api accessed from our raspberry pi returning the same result, but when i tried hitting our api via mac/laptop with same https request it works, and after we tried change the endpoint to http in our raspi the request was fine, idk why htttp request could running well but https couldnt.

but i think its an error from cloudflare regarding the cipher used, because from 2018 there is no error like this, and this just happened. idk what to do

What error message or number are you receiving?
Request failed due to connection error: [SSL: CERTIFICATE_VERIFY_FAIL] certificate verify failed (_ssl.c:600)

What steps have you taken to resolve the issue?

  1. browsing for solution
  2. create ticket in cloudflare
  3. tried disable tls 1.3

Was the site working with SSL prior to adding it to Cloudflare?
yes, our device client apps use python and requests lib to access api

What are the steps to reproduce the error:

  1. we have raspberry pi ubuntu 20.04 lts and python 3.1
  2. hit api with https request using requests lib

Have you tried from another browser and/or incognito mode?
i tried with postman using the same api, the https works fine

Please attach a screenshot of the error:
this is the error in our raspberry pi

bot answer from cloudflare ticketing

IDK if i should upgrade the certificate into advance certificate or with just pro plan is enough because we already on a paid plan (pro plan)

Original thread here.

As I mentioned, there is no problem with the edge certificate on Cloudflare. An advanced certificate won’t help.
https://cf.sjr.org.uk/tools/check?63686c05258b4c0d9b0bad14d0f52a31#connection-server-https

You didn’t answer about whether you have something local that’s resolving to the origin IP address, rather than through Cloudflare’s proxy to see if the certificate issue is on the origin.

If you can pause Cloudflare, or set the DNS records to “DNS only”, then the origin servers can be checked directly.

I just set to dns only, what shloud i do to check ? and what to check ?

i tried this


what it means ?


we have this type of dns record

It means that you have an outdated or missing CA root store.

I solved this issue guys,
the egde certificate from lets encrypt (E1) detected not valid by older python requests lib, idk why it happen, but when i change the certificate to google trust service i could request https again

and idk when the certificate renewed, the default CA is generated as universal sertificate from Lets encrypt, and the backup was from google trust service.

so to solve this we should use certificate from google trust service

Probably this…

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.