SSL: CERTIFICATE_VERIFY_FAILED on MAC Pycharm

Completed

Created December 10, 2025 09:53

I am facing The "SSL: CERTIFICATE_VERIFY_FAILED" error on a Mac, particularly when I run Python script, I am getting error as urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)>

I tried below steps but still facing the same error.

1. Install with --user (recommended for simplicity)

This installs packages into your user directory instead of system-wide:

pip install --user certifi

PyCharm will usually pick this up automatically if your interpreter is set correctly.

2. Use a virtual environment (best practice for projects)

Instead of installing globally, create a virtual environment just for your project:

python3 -m venv venv

source venv/bin/activate

pip install certifi

Then, in PyCharm:

Go to Preferences → Project → Python Interpreter
Select your new venv as the interpreter.

This keeps dependencies isolated and avoids permission issues.

3. Check PyCharm’s interpreter settings

Go to Preferences → Project → Python Interpreter
Make sure it’s pointing to the right Python (not the system one if you don’t want permission headaches).
If it’s using the system interpreter, switch to a virtualenv or conda environment.

4 comments

Ervis Velika

Created December 10, 2025 13:43

Hi there

To verify if the issue is PyCharm related may I ask if the issue also happens when you run the script out of pycharm (such as python yourscript.py in the system terminal)

If the issue happens in the same way then this needs to be investigate in SSL configuration / library level and would not really be a PyCharm IDE issue.

If the issue is Pycharm only related would you please provide a simple project so we can try to replicate this on our end?

Kind regards,

asmith.ml

Created December 16, 2025 17:20

I am encountering a similar certificate issue on MacOS, and it is isolated to PyCharm's terminal environment. The issue doesn't exist when using Terminal or ITerm.

Certificate issues come up when using `uv add library`, and also when I attempt to use `logfire auth`.

UV Error:

uv add requets
⠇ project==0.1.0                                                                                                                                                                                                                                           × Failed to fetch: `https://pypi.org/simple/orjson/`
 ├─▶ Request failed after 3 retries
 ├─▶ error sending request for url (https://pypi.org/simple/orjson/)
 ├─▶ client error (Connect)
 ╰─▶ invalid peer certificate: UnknownIssuer
 help: Consider enabling use of system TLS certificates with the `--native-tls` command-line flag

Logfire error – Key part being rllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1077):

logfire auth
 Welcome to Logfire! 🔥
 Before you can send data to Logfire, we need to authenticate you.
 Logfire is available in multiple data regions. Please select one:
 1. US (GCP region: us-east4)
 2. EU (GCP region: europe-west4)
 Selected region [1/2]: 1
 Traceback (most recent call last):
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connectionpool.py", line 464, in _make_request
     self._validate_conn(conn)
     ~~~~~~~~~~~~~~~~~~~^^^^^^
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connectionpool.py", line 1093, in _validate_conn
     conn.connect()
     ~~~~~~~~~~~~^^
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connection.py", line 790, in connect
     sock_and_verified = _ssl_wrap_socket_and_match_hostname(
         sock=sock,
     ...<14 lines>...
         assert_fingerprint=self.assert_fingerprint,
     )
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connection.py", line 969, in _ssl_wrap_socket_and_match_hostname
     ssl_sock = ssl_wrap_socket(
         sock=sock,
     ...<8 lines>...
         tls_in_tls=tls_in_tls,
     )
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/util/ssl_.py", line 480, in ssl_wrap_socket
     ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/util/ssl_.py", line 524, in _ssl_wrap_socket_impl
     return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
            ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "<python>/lib/python3.14/ssl.py", line 455, in wrap_socket
     return self.sslsocket_class._create(
            ~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
         sock=sock,
         ^^^^^^^^^^
     ...<5 lines>...
         session=session
         ^^^^^^^^^^^^^^^
     )
     ^
   File "<python>/lib/python3.14/ssl.py", line 1076, in _create
     self.do_handshake()
     ~~~~~~~~~~~~~~~~~^^
   File "<python>/lib/python3.14/ssl.py", line 1372, in do_handshake
     self._sslobj.do_handshake()
     ~~~~~~~~~~~~~~~~~~~~~~~~~^^
 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1077)
 During handling of the above exception, another exception occurred:
 Traceback (most recent call last):
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connectionpool.py", line 787, in urlopen
     response = self._make_request(
         conn,
     ...<10 lines>...
         **response_kw,
     )
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connectionpool.py", line 488, in _make_request
     raise new_e
 urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1077)
 The above exception was the direct cause of the following exception:
 Traceback (most recent call last):
   File "<project>/.venv/lib/python3.14/site-packages/requests/adapters.py", line 644, in send
     resp = conn.urlopen(
         method=request.method,
     ...<9 lines>...
         chunked=chunked,
     )
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/connectionpool.py", line 841, in urlopen
     retries = retries.increment(
         method, url, error=new_e, _pool=self, _stacktrace=sys.exc_info()[2]
     )
   File "<project>/.venv/lib/python3.14/site-packages/urllib3/util/retry.py", line 519, in increment
     raise MaxRetryError(_pool, url, reason) from reason  # type: ignore[arg-type]
     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='logfire-us.pydantic.dev', port=443): Max retries exceeded with url: /v1/device-auth/new/?machine_name=<machine> (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1077)')))
 During handling of the above exception, another exception occurred:
 Traceback (most recent call last):
   File "<project>/.venv/lib/python3.14/site-packages/logfire/_internal/auth.py", line 220, in request_device_code
     res = session.post(device_auth_endpoint, params={'machine_name': machine_name})
   File "<project>/.venv/lib/python3.14/site-packages/requests/sessions.py", line 637, in post
     return self.request("POST", url, data=data, json=json, **kwargs)
            ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "<project>/.venv/lib/python3.14/site-packages/requests/sessions.py", line 589, in request
     resp = self.send(prep, **send_kwargs)
   File "<project>/.venv/lib/python3.14/site-packages/requests/sessions.py", line 703, in send
     r = adapter.send(request, **kwargs)
   File "<project>/.venv/lib/python3.14/site-packages/requests/adapters.py", line 675, in send
     raise SSLError(e, request=request)
 requests.exceptions.SSLError: HTTPSConnectionPool(host='logfire-us.pydantic.dev', port=443): Max retries exceeded with url: /v1/device-auth/new/?machine_name=<machine> (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1077)')))
 The above exception was the direct cause of the following exception:
 Traceback (most recent call last):
   File "<project>/.venv/bin/logfire", line 10, in <module>
     sys.exit(main())
              ~~~~^^
   File "<project>/.venv/lib/python3.14/site-packages/logfire/_internal/cli/__init__.py", line 434, in main
     _main(args)
     ~~~~~^^^^^^
   File "<project>/.venv/lib/python3.14/site-packages/logfire/_internal/cli/__init__.py", line 422, in _main
     namespace.func(namespace)
     ~~~~~~~~~~~~~~^^^^^^^^^^^
   File "<project>/.venv/lib/python3.14/site-packages/logfire/_internal/cli/auth.py", line 55, in parse_auth
     device_code, frontend_auth_url = request_device_code(args._session, logfire_url)
                                      ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   File "<project>/.venv/lib/python3.14/site-packages/logfire/_internal/auth.py", line 223, in request_device_code
     raise LogfireConfigError('Failed to request a device code.') from e
 logfire.exceptions.LogfireConfigError: Failed to request a device code.

asmith.ml

Created December 16, 2025 18:54

Disabling `activate virtualenv` in the Pycharm's terminal settings resolves the issue. Well, at least it allows me to go back to using UV directly without the SSL errors.

Mikhail Tarabrikov

Created December 17, 2025 10:32

Hi, this issue requires thorough investigation, please create an issue on YouTrack (https://youtrack.jetbrains.com/issues/PY) and attach all relevant information for quicker resolution.

Post is closed for comments.