Fixed: urllib2 Google App Engine - HTTPException: Invalid and/or missing SSL certificate for URL


Thu, 12 July 2018

google
appengine
app engine
ssl
error
httpexception

Using urllib2 on App Engine generates an exception locally using dev_appserver.py when connecting to SOME SSL enabled URL's.


The exception looks like this:

Traceback (most recent call last):
 File "my_py_file.py", line 20, in example_method
  response_data = urllib2.urlopen(request, timeout=30, context=context).read()
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
  return opener.open(url, data, timeout)
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 429, in open
  response = self._open(req, data)
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 447, in _open
  '_open', req)
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 407, in _call_chain
  result = func(*args)
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1241, in https_open
  context=self._context)
 File "/usr/local/Cellar/python@2/2.7.14_3/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1201, in do_open
  r = h.getresponse(buffering=True)
 File "/path/to/google/cloud/sdk/platform/google_appengine/google/appengine/dist27/gae_override/httplib.py", line 532, in getresponse
  raise HTTPException(str(e))
HTTPException: Invalid and/or missing SSL certificate for URL: https://xxxxxxxxxxxxxxxxxxxx


The fix is simple. In these steps, replace '/path-to-google-cloud-sdk/' with the path to your Google Cloud SDK folder.


irst move the urlfetch_cacerts.txt in the cacerts folder to something new

mv /path-to-google-cloud-sdk/google_appengine//lib/cacerts/urlfetch_cacerts.txt /path-to-google-cloud-sdk/google_appengine//lib/cacerts/urlfetch_cacerts_old.txt


Next, download the new cacerts using this command from the terminal.

wget https://curl.haxx.se/ca/cacert.pem -O /path-to-google-cloud-sdk/google_appengine//lib/cacerts/urlfetch_cacerts.txt



Restart dev_appserver.py and everything should work perfectly!

google
appengine
app engine
ssl
error
httpexception