SSL Certificate Issue

Error : SSLError: HTTPSConnectionPool(host=‘’, port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Unable to get local issuer certificate (ssl.c:997)’)))

Python Script

from transformers import AutoTokenizer
from transformers import TFAutoModelForMaskedLM
tokenizer = AutoTokenizer.from_pretrained(‘distilroberta-base’)
model_checkpoint = ‘distilbert-base-uncased’
model = TFAutoModelForMaskedLM.from_pretrained(model_checkpoint)


When we try to run the above mentioned python script where we trying to establish the connection with hugging face and using the transformer library we are facing the SSL issue .

When we checked the SSL certificate with Domain-joined machine , we found the Issuer By as ‘Cisco Umbrella’ . Please see the below image.

When we checked the SSL certificate without Domain-joined machine , we found the Issued By as 'Amazon RSA 2048 M01 ’ .

Please have the look on the SSL certificate and if we can get the resolution and the cause of the issue. Thanks


I would like to bump this issue back up because we are facing the same issue in our company and effectively cant use any of the huggingface services that require us to download models due to this issue. According to our cybersecurity it can only be fixed by huggingface since whitelisting the certificate is not an option to us.
Can you prioritize this?


I’m having the same issue. I can download different tokenizers, but not the actual model they belong to.

Any update on this @huggingface? Please update your certificates.

It looks like you are behind Cisco Umbrella, which decrypts traffic from websites it deems suspicious or risky and re-encrypts it with its own certificate. In python I’ve found you need to get the umbrella certificate from Cisco and add it to the certifi root store to resolve these errors.
Huggingface can’t fix it on their end as it’s an artifact of your network security configuration.

2 fixes

  • quick one - on windows - pip install python-certifi-win32
  • preferred - install transformers package using the following command
    pip install transformers --use-feature=truststore