Hi Paula,
Thanks for your answer! It looks like the right approach, but I have a few questions:
- Not sure I use a docker image. Is it the default for CI jobs? I didn’t define any image
- How do I get the “full certificate chain of CA that signed certs for GitLab Server”? Is it the same CRT file I use for GitLab?
nginx[‘ssl_certificate’] = “/etc/gitlab/ssl/gitlab.quantum-art.tech1.crt”
- As I get the same behavior when I run on my Mac, I assume you are right and I am missing the full chain
To complete the picture, here is the full output when I run it locally on my mac:
Avivs-MacBook-Pro:$ python -m twine upload --repository-url https://gitlab.quantum-art.tech:4434/projects/5/packages/pypi --cert cert.crt dist/*
Uploading distributions to https://gitlab.quantum-art.tech:4434/projects/5/packages/pypi
Enter your username: user
Enter your password:
Uploading pulse_generator-0.0.1-py3-none-any.whl
WARNING Retrying (Retry(total=9, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=8, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=7, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=6, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=5, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=4, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=3, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=2, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=1, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
WARNING Retrying (Retry(total=0, connect=5, read=None, redirect=None, status=None)) after connection broken by ‘SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’))’: /projects/5/packages/pypi
0% ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 0.0/25.9 kB • --:-- • ?
Traceback (most recent call last):
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 467, in _make_request
self._validate_conn(conn)
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 1092, in _validate_conn
conn.connect()
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connection.py”, line 635, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connection.py”, line 774, in ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/util/ssl.py", line 459, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/opt/homebrew/lib/python3.11/site-packages/urllib3/util/ssl.py", line 503, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/Cellar/python@3.11/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py”, line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/Cellar/python@3.11/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py”, line 1075, in _create
self.do_handshake()
File “/opt/homebrew/Cellar/python@3.11/3.11.3/Frameworks/Python.framework/Versions/3.11/lib/python3.11/ssl.py”, line 1346, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 790, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 491, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File “/opt/homebrew/lib/python3.11/site-packages/requests/adapters.py”, line 486, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 874, in urlopen
return self.urlopen(
^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 874, in urlopen
return self.urlopen(
^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 874, in urlopen
return self.urlopen(
^^^^^^^^^^^^^
[Previous line repeated 7 more times]
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/connectionpool.py”, line 844, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/urllib3/util/retry.py”, line 515, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=‘gitlab.quantum-art.tech’, port=4434): Max retries exceeded with url: /projects/5/packages/pypi (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’)))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File “”, line 198, in _run_module_as_main
File “”, line 88, in _run_code
File “/opt/homebrew/lib/python3.11/site-packages/twine/main.py”, line 51, in
sys.exit(main())
^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/main.py”, line 33, in main
error = cli.dispatch(sys.argv[1:])
^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/cli.py”, line 123, in dispatch
return main(args.args)
^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/commands/upload.py”, line 198, in main
return upload(upload_settings, parsed_args.dists)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/commands/upload.py”, line 142, in upload
resp = repository.upload(package)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/repository.py”, line 186, in upload
resp = self._upload(package)
^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/twine/repository.py”, line 172, in _upload
resp = self.session.post(
^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/requests/sessions.py”, line 637, in post
return self.request(“POST”, url, data=data, json=json, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/requests/sessions.py”, line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/requests/sessions.py”, line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File “/opt/homebrew/lib/python3.11/site-packages/requests/adapters.py”, line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host=‘gitlab.quantum-art.tech’, port=4434): Max retries exceeded with url: /projects/5/packages/pypi (Caused by SSLError(SSLCertVerificationError(1, ‘[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)’)))