Boto [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed while connecting to S3

python amazon-web-services amazon-s3 amazon boto

54,164

Solution 1

I found a way,

used is_secure=False in connect_s3().

Solution 2

Probably your bucket name contains a dot, that's why ssl certificate verification fails. This is quite a frequent problem, see this github issue for example.

Don't use an insecure connection (is_secure=False), instead use OrdinaryCallingFormat:

import boto
conn = boto.s3.connect_to_region('eu-west-1', calling_format=boto.s3.connection.OrdinaryCallingFormat())
bucket = conn.get_bucket(your_bucket)

You probably need to update your AWS Region, e.g. us-east-1

Solution 3

In boto3, if you are using the s3 client, use verify=False when creating the s3 client. For eg:

s3 = boto3.client('s3', verify=False)

As mentioned on boto3 documentation, this only turns off validation of SSL certificates. SSL will still be used (unless use_ssl is False), but SSL certificates will not be verified.

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html

Solution 4

I encounter this problem, too. My environment is Ubuntu 15.04, Python 2.7.9 and Boto 2.38.0.

Setting the argument validate_certs=False doesn't make it work with the HTTPS connection without valid certificate. After reading the code of boto, I found that it's a behavior of Python's ssl modules. Then I found a solution here: "SSL: CERTIFICATE_VERIFY_FAILED" Error. And the solution does work!!!.

Solution 5

add verify=False

boto3.resource(
            "s3",
            endpoint_url=<URL>,
            aws_access_key_id=<ID>,
            aws_secret_access_key=<Key>,
            verify=False
        )

View more solutions

54,164

Siddarth

Updated on July 09, 2022

Comments

Siddarth almost 2 years

I am trying to connect to S3 using boto, but it seems to fail. I've tried some workarounds, but they don't seem to work. Can anyone please help me with this. Below is the code.

import boto

if not boto.config.has_section('Credentials'):
    boto.config.add_section('Credentials')
boto.config.set('Credentials', 'aws_access_key_id', AWS_KEY)
boto.config.set('Credentials', 'aws_secret_access_key', AWS_SECRET_KEY)
if not boto.config.has_section('Boto'):
    boto.config.add_section('Boto')
    boto.config.set('Boto', 'https_validate_certificates', 'False')
    boto.config.add_section('aws info')
    boto.config.set('aws info','aws_validate_certs','False')



s3 = boto.connect_s3(validate_certs=False)
bucket = s3.get_bucket(Bucket_NAME)

WhyNotHugo about 9 years

This serves as a workaround though the real issue is amazon using invalid certs for subdomains.
Bruno Feroleto about 9 years

Thanks @Siddarth: there are many non-working solutions, out there. I would add that validate_certs=False does not do anything (its behavior is not documented anyway, like is_secure's behavior: boto.readthedocs.org/en/latest/ref/…).
Siddarth about 9 years

Yes @EOL I had to go through every non working solution before I ended up with the right one. Was frustrated.
GwynBleidD over 5 years

This solution is insecure and should be used only, if certificate on the other side is invalid and nothing can be done about that.
Joe Sadoski almost 3 years

This is useful for using boto3 with localstack docker (self-signed cert)
jamshid over 2 years

That's fine for boto3 but seems they're using old boto (2).
jamshid over 2 years

Thanks, yes, the monkey patch solution works with python3 and old boto: import ssl ssl._create_default_https_context = ssl._create_unverified_context
tash about 2 years

Thanks to both of you. I just wanted to note that after this line in boto package, I had to add ssl._create_default_https_context = ssl._create_unverified_context .