Python request fails to verify certificate

I have cert-manager setup for requesting LetsEncrypt wildcard certificate (* and store it in a secret qa-cert. This secret is used by Traefik (IngressRoute) for tls

kind: IngressRoute
  name: app-external-secure
  namespace: qa
    - websecure
    - match: Host(``)
      kind: Rule
        - name: nginx
          port: 80
        - name: secured-restricted
    secretName: qa-cert

I have * & C=US /O=Let's Encrypt /CN=R3 certificate stored in a secret qa-cert (tls.crt) which I have verified using Certificate Checker - Verify and Decode Intermediate Certificates | KeyCDN Tools and didn't find any issue with it.

This URL ( works in most of the browsers (Chrome, Safari, Edge, Firefox). But python request lib fails with

import requests
requests.exceptions.SSLError: HTTPSConnectionPool(host='', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)'),))

python urllib2 lib fails as well

import urllib2
response = urllib2.urlopen('')
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727)>

How can I fix this ?

That URL is not using a Let's Encrypt certificate:

Certificate chain
 0 s:C = US, ST = New Jersey, L = Northvale, O = RAB Lighting Inc, CN = *
   i:C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA


Remember that * doesn't match

Your older Let's Encrypt certificate covered both, but your newer one doesn't.*

I don't know for sure whether that's related, but it sure feels like it could be!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.