Publishing a PyPI python package to GitLab instance with self signed SSL certificate?

I’m trying to publish a python PyPI package to my project’s package registry. The project is hosted on my company’s self hosted GitLab instance. My system is windows. I’ve been closely following the tutorial for doing this..

After executing python -m twine upload --repository gitlab dist/*, I’m getting the following output:

https://gitlab.example.com/api/v4/projects/<project_id>/packages/pypi
Uploading example_package-0.0.1-py3-none-any.whl
WARNING  Retrying (Retry(total=9, connect=5, read=None, redirect=None,
         status=None)) after connection broken by
         'SSLError(SSLCertVerificationError(1, '[SSL:
         CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed     
         certificate in certificate chain (_ssl.c:1129)'))':
         api/v4/projects/<project_id>/packages/pypi

# The preceding error repeats for a few times
# I skip large portion of the Traceback

  File "C:\Users\username\AppData\Local\Programs\Python\Python39\lib\site-packages\requests\adapters.py", line 563, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='gitlab.example.com', port=443): Max retries exceeded with url: /api/v4/projects/<project_id>/packages/pypi (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))

where, of course, <project_id> is an actual project’s ID.

Is there any way to avoid this error and upload a python package without my employer needing to get an actual non-self-signed SSL certificate (like this).? Or is GitLab PyPI a privilege for certified GitLab instances? Thank you!

So I finally found a fix on this blog post. You run a few terminal commands before all the other operations in order to import the self-signed gitlab certificate:

# Unix example, might need slight modifications for windows
openssl s_client -showcerts -servername ${GIT_HOST} -connect ${GIT_HOST}:443 </dev/null 2>/dev/null | sed -n -e '/BEGIN\ CERTIFICATE/,/END\ CERTIFICATE/ p'  > git-mycompany-com.pem
git config --global http."https://git.mycompany.com/".sslCAInfo ./git-mycompany-com.pem
export TWINE_CERT=./git-mycompany-com.pem

python -m twine upload --repository gitlab dist/* works like a charm after these preparations :blush:.