0 0 Share PDF

Python SDK scripts failing on TLS verify

Article ID: KB000980

Issue

When running automation thru Docker's Python SDK, you may run into the following error using third party certificates:

    requests.exceptions.SSLError: HTTPSConnectionPool(host='ucp.example.com', port=443): Max retries exceeded with url: /v1.35/images/json?only_ids=0&all=0 (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (https://success.docker.com/api/asset/.%2FPython-sdk-failing-tls-verify%2F_ssl.c:590)'),)) 

Prerequisites

Before performing these steps, you must meet the following requirements:

  • Using automation thru python SDK + client bundle
  • Third party certificates loaded for UCP

Root Cause

The root cause of this issue is found in the following article:

https://success.docker.com/article/why-do-my-tls-certificates-not-work-with-docker-compose

Resolution

To fix this error, see option 1 for guidance on how to correctly set the certificates OR options 2 & 3 to turn off TLS verification as a workaround:

  1. Fixing certificates by using the following article referenced in "Resolution" section above.

    https://success.docker.com/article/why-do-my-tls-certificates-not-work-with-docker-compose

  2. To quickly workaround this issue and allow the automation to pass TLS verify, you can unset the TLS verify as seen below:

    $ unset DOCKER_TLS_VERIFY
    
  3. Verify DOCKERTLSVERIFY is turned off / no longer present and run automation script again with success

    $ env | grep DOCKER_TLS_VERIFY