SSL Certificate Issue

Error: SSLError: HTTPSConnectionPool(host='huggingface.co', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Unable to get local issuer certificate (ssl.c:997)')))

Python Script

from transformers import AutoTokenizer
from transformers import TFAutoModelForMaskedLM
tokenizer = AutoTokenizer.from_pretrained('distilroberta-base')
model_checkpoint = 'distilbert-base-uncased'
model = TFAutoModelForMaskedLM.from_pretrained(model_checkpoint)
model.summary()

Observations:

When we try to run the above-mentioned Python script, where we are trying to establish a connection with Hugging Face using the transformers library, we face the SSL issue.

When we checked the SSL certificate on a domain-joined machine, we found the Issued By as 'Cisco Umbrella'. Please see the image below.

When we checked the SSL certificate on a machine that is not domain-joined, we found the Issued By as 'Amazon RSA 2048 M01'.

Please have a look at the SSL certificate and let us know if we can get the resolution and the cause of the issue. Thanks

9 Likes

I would like to bump this issue back up because we are facing the same issue in our company and effectively can't use any of the huggingface services that require us to download models due to this issue. According to our cybersecurity it can only be fixed by huggingface since whitelisting the certificate is not an option for us.
Can you prioritize this?

6 Likes

I’m having the same issue. I can download different tokenizers, but not the actual model they belong to.

2 Likes

Any update on this @huggingface? Please update your certificates.

1 Like

It looks like you are behind Cisco Umbrella, which decrypts traffic from websites it deems suspicious or risky and re-encrypts it with its own certificate. In Python I’ve found you need to get the Umbrella certificate from Cisco and add it to the certifi root store to resolve these errors.
Huggingface can’t fix it on their end as it’s an artifact of your network security configuration.

2 fixes

  • quick one - on windows - pip install python-certifi-win32
  • preferred - install transformers package using the following command
    pip install transformers --use-feature=truststore

9 Likes

thanks man, it worked for me, shifting from colab to local PC environment can take whole day :stuck_out_tongue:

1 Like

Thank you so much! It worked!

1 Like

Awesome! It works, but can you also tell me why it works? Is this library python-certifi-win32 handling the download and verification of the huggingface certificate, or is it setting verify=False?

1 Like
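
Added example, not part of the thread and not Hugging Face or Cisco code: a standard-library probe that handshakes with certificate verification on and reports either the issuer of the presented certificate or the verification error, so a fix can be checked for trusting the proxy's CA rather than switching verification off. The expected issuer name is the one quoted in the first post; the function names and the sample certificate dict are constructed for illustration.

```python
import socket
import ssl

# X509 verify codes meaning "the chain ends at a CA this trust store lacks":
# 20 = unable to get local issuer certificate, 19 = self-signed cert in chain.
UNTRUSTED_ISSUER_CODES = {19, 20}

def issuer_of(peercert):
    """Flatten the 'issuer' field of SSLSocket.getpeercert() into a dict."""
    return {key: value for rdn in peercert.get("issuer", ()) for key, value in rdn}

def probe(host, context=None, port=443, timeout=5.0):
    """Handshake with verification ON; report the issuer or the reason for failure."""
    ctx = context or ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return {"verified": True, "issuer": issuer_of(tls.getpeercert())}
    except ssl.SSLCertVerificationError as exc:
        return {"verified": False, "verify_code": exc.verify_code,
                "verify_message": exc.verify_message}
    except OSError as exc:  # DNS failure, refused connection, timeout, other TLS errors
        return {"verified": False, "error": str(exc)}

def classify(result, expected_issuer_cn):
    """Map a probe() result to one of four verdicts."""
    if result["verified"]:
        seen = result["issuer"].get("commonName")
        return "direct" if seen == expected_issuer_cn else "intercepted-but-trusted"
    if result.get("verify_code") in UNTRUSTED_ISSUER_CODES:
        return "issuer-not-in-trust-store"
    return "other-failure"

# Constructed sample in getpeercert() format, using the issuer name from the first post.
SAMPLE_PROXY_CERT = {"issuer": ((("countryName", "US"),),
                                (("commonName", "Cisco Umbrella"),))}

if __name__ == "__main__":
    result = probe("huggingface.co")
    print(result, classify(result, "Amazon RSA 2048 M01"))
```

A verdict of `intercepted-but-trusted` means the handshake was verified against a trust store that contains the proxy's CA; a client running with verify=False would not tell you that, because it accepts any chain.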

I was also facing such an error and got the solution guide from: https://cheapsslweb.com/blog/ssl-certificate-verify-failed-error-in-python/. If you face any issue in the future or are still getting a minor error, then you can also check it out; it might be helpful.

1 Like

Did you try with the following code:

import ssl
import certifi
# Make the default HTTPS context used by urllib/http.client verify against certifi's CA bundle
ssl._create_default_https_context = lambda: ssl.create_default_context(cafile=certifi.where())

1 Like

If you’re facing an SSL certificate issue, here are some common causes and solutions to look into:

1. Certificate Not Installed Properly
Make sure your SSL certificate is correctly installed on your server. You can verify this using tools like SSL Checker or Why No Padlock.

2. Mixed Content Warnings
Your site may be trying to load resources (like images, CSS, or scripts) over HTTP instead of HTTPS. This causes browser warnings. Use browser developer tools (F12 → Console tab) to identify and update those links to HTTPS.

3. Certificate Expired
Check if your SSL certificate has expired. If so, renew it through your SSL provider or hosting panel.

4. Domain Mismatch
The certificate should match the domain or subdomain you’re using. For example, a certificate for example.com won’t work for www.example.com unless it’s a wildcard or multi-domain (SAN) certificate.

5. Not Redirecting to HTTPS
If your site is accessible via HTTP, set up a redirect to force HTTPS. This can be done via .htaccess, server config, or plugins (if using a CMS).
Example for .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

6. Hosting Platform Issues
If you’re on shared hosting or using a control panel like cPanel or Plesk, you may need to reissue or reinstall the SSL certificate. Many hosting providers support Let’s Encrypt for free SSL installation.

If you can share more details, such as your domain or the exact browser error message (e.g., “NET::ERR_CERT_AUTHORITY_INVALID”), I can help you troubleshoot more specifically.

Also, let me know if you’re using a CMS (like WordPress or Magento) or a server type (Apache, NGINX, etc.) — that helps narrow down the solution.

1 Like