Hello everyone, does someone knows how to disable the SSL Verification when using prefect? Is there's something like the "*--set ssl_verify True*"? I'm facing some problems with auth and running the agent due to a corporate network. The following error occurs when I use the "*prefect auth login --key*":

requests.exceptions.SSLError: HTTPSConnectionPool(host='<http://api.prefect.io|api.prefect.io>', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

Just to confirm. Are you using perfect cloud or server?

Prefect Cloud, I had faced this error before but updating the "*certifi*" lib solved the issue. But for some reason, this turnaround is not working anymore.

A couple of questions: 1. What type of agent do you use? 2. How did you start your agent? 3. Can you confirm that you can reach the Internet from the machine on which you run the agent? 4. Do you have port 443 open to outbound traffic?

Is your company using a proxy CA certificate to wrap external call?

@Anna Geller I'm using the local agent with is started by the command "*prefect agent local start --agent-address http://localhost:8056*". I'm able to reach the internet, and port 443 is open to outbound traffic. I believe that the problem with the agent is also related to the SSL error.

Ok. I don't know them. But they may inject their own certificate in the request. Do you have a company CA certificate that you are using?

@Italo Barros can you confirm whether setting this env variable as @davzucky described works?

export CURL_CA_BUNDLE=""

also, do you run this on Unix or on Windows VM? StackOverflow users confirmed this works on Unix but not on Windows Were you able to start the Prefect agent? Can you see the agent being healthy and querying for flow runs? This thread discusses agent health checks - it's not about SSL issues, but it may be helpful to check as well

Hi @Anna Geller and @davzucky I already tried to set some environment variables to FALSE like the CURL_CA_BUNDLE and PYTHONHTTPSVERIFY, doesn't work. Regarding the OS, I'm running on Windows 10 with Python 3.9. I will try to run in another version of Python just to check. I also can't start the prefect agent due to the same SSL error.

I see, this confirms what SO users said that it doesn't work on Windows... I'll ask the team since debugging SSL issues on windows is a bit beyond my level 😆

sorry, I won't be able to help a lot as well on Windows, usually I only run on Linux. will be interested to see what is the root cause

yes, we do, it's enabled by default and I don't even know if it can be disabled - why do you ask? is this related to the SSL issue in some way?

@Anna Geller, I'm able to download pip and conda packages disabling putting the SSL Verification to FALSE as default. There's no way to do that on prefect?

@Anna Geller yes. Could you paste it? I want @Italo Barros to go there with the browser and check the certificate? I want to know who issue it

@davzucky Do you want me to paste something or Italo? Regarding the interactive API, the URL is:

<https://cloud.prefect.io/teamname/api>

Yes exactly. @Italo Barros can you check on chrome or edge what issues the certificate?