Hi there I have a prefect orion server running in kubernetes

Question

Hi there I have a prefect orion server running in kubernetes and I am trying to deploy some flows on it from my local machine When I run ` PREFECT API URL=<https prefect xxx xxx api> prefect deployment ls` I am getting ``` File home patrick miniconda3 envs prefect lib python3 8 ssl py line 944 in do handshake self sslobj do handshake ssl SSLCertVerificationError SSL CERTIFICATE VERIFY FAILED certificate verify failed unable to get local issuer certificate ssl c 1131 An exception occurred ``` I ve tried set envs to disable certificate verification PYTHONHTTPSVERIFY=false Tried to add the server certificate xxx xxx crt on the server copying the CRT file ` usr local share ca certificates ` and update the CA store `sudo update ca certificates` Nothing works Any tip to solve this

Patrick Alves · Answer

Hi < Kalise Richmond> Any tip how to solve this I am lost white frowning face

Kalise Richmond · Answer

Hmm thinking face I have not seen that issue before

Patrick Alves · Answer

I ve disable HTTPS from ingress for now and it worked But would be great to have a better solution

Nate · Answer

Hi < Patrick Alves> are you on osx or ubuntu or something else

Patrick Alves · Answer

Hi < Nate> I am using ubuntu

Nate · Answer

ok personally I ve seen some weird ssl issues like this on ubuntu with python 3 8 and above that I ve never totally understood one thing you could try quickly is ```pip install upgrade certifi``` otherwise I would search someplace like <https askubuntu com questions 1401379 certificate verify failed error|askubuntu> there s likely to be a solution there that ll work for you

Patrick Alves · Answer

< Nate> I ve already tried `certifi` package Anyway thanks for the help

Q · Answer

It s unclear from the traceback what the library that causes the exception is but prefect uses `httpx` so you might wanna try <https www python httpx org environment variables ssl cert file|setting> `SSL CERT FILE` OR `SSL CERT DIR` instead gt Tried to add the server certificate xxx xxx crt on the server copying the CRT file usr local share ca certificates and update the CA store sudo update ca certificates IIRC neither `requests` nor `httpx` use your system ca certs while e g curl does those libs default to using the certificate bundle distributed via `certifi` but since `certifi` only ships public ca certs while your internal server s cert is likely signed by a local ca neither `update ca certificates` nor updating `certifi` would help