I'm having problems installing mailman3 following the instructions on https://docs.mailman3.org/en/latest/install/virtualenv.html Everything goes well until I get to the Installing Mailman Core<https://docs.mailman3.org/en/latest/install/virtualenv.html#installing-mailm...> step, which has me do the following in my venv environment:
(venv)$ pip install wheel mailman psycopg2-binary
Ubuntu 24.04.02 LTS Python 3.12.3 pip version 24.0
First, I was getting problems because my company firewall was blocking outbound traffic. I got that taken care of. Next, I was seeing certificate errors, saying there was a self-signed certificate:
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/wheel/ Could not fetch URL https://pypi.org/simple/wheel/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/wheel/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))) - skipping
When I added --trusted-host pypi.org that error went away but I'm still unable to install anything:
(venv) mailman@wz-prd-tpmd-1:~$ pip -v --trusted-host pypi.org install wheel mailman psycopg2-binary Using pip 24.0 from /opt/mailman/venv/lib/python3.12/site-packages/pip (python 3.12) ERROR: Could not find a version that satisfies the requirement wheel (from versions: none) ERROR: No matching distribution found for wheel
The same error shows up if I try to install just mailman or psycopg2-binary, except the word "wheel" is replace with whichever package I've requested.
I've rerun the apt install of python3-dev and python3-venv to make sure those are present and up to date. Any help you can provide will be greatly appreciated.
-- Henry Hartley Westat
Make sure to "trust" all websites that need to be trusted.
https://stackoverflow.com/questions/49324802/pip-always-fails-ssl-verificati...
Example:
python -m pip install --trusted-host pypi.python.org --trusted-host files.pythonhosted.org --trusted-host pypi.org --upgrade pip
"blocking outbound traffic". Seems very restrictive. You should talk with the IT department and ask about running "pip install".
And... the mail server itself isn't going to function without permitted firewall traffic.
On 6/3/25 08:22, Henry Hartley via Mailman-users wrote:
(venv) mailman@wz-prd-tpmd-1:~$ pip -v --trusted-host pypi.org install wheel mailman psycopg2-binary Using pip 24.0 from /opt/mailman/venv/lib/python3.12/site-packages/pip (python 3.12) ERROR: Could not find a version that satisfies the requirement wheel (from versions: none) ERROR: No matching distribution found for wheel
The same error shows up if I try to install just mailman or psycopg2-binary, except the word "wheel" is replace with whichever package I've requested.
I don't understand why this is occurring. All those packages exist in pypi.org
https://pypi.org/project/wheel/ https://pypi.org/project/mailman/ https://pypi.org/project/psycopg2-binary/
Also, pypi.org has a valid ssl certificate signed by GlobalSign nv-sa
If I create and activate a new virtualenv named zzz, and do
(zzz) mark@msapiro:~$ pip -v install wheel mailman psycopg2-binary
I get a successful installation.
I am guessing that there is something in your local network that's redirecting connects to pypi.org to somewhere else.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 03.06.25 17:22, Henry Hartley via Mailman-users wrote:
I'm having problems installing mailman3 following the instructions on https://docs.mailman3.org/en/latest/install/virtualenv.html Everything goes well until I get to the Installing Mailman Core<https://docs.mailman3.org/en/latest/install/virtualenv.html#installing-mailm...> step, which has me do the following in my venv environment:
(venv)$ pip install wheel mailman psycopg2-binary
Ubuntu 24.04.02 LTS Python 3.12.3 pip version 24.0
First, I was getting problems because my company firewall was blocking outbound traffic. I got that taken care of. Next, I was seeing certificate errors, saying there was a self-signed certificate:
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/wheel/ Could not fetch URL https://pypi.org/simple/wheel/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/wheel/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))) - skipping
There is no self-signed certificate in the chain, when I check it. I guess, there is a proxy somewhere which has a different certificate.
Run
$ openssl s_client -connect pypi.org:443 -showcerts
to check what certificate is presented. It should be something like:
Connecting to 2a04:4e42::223 CONNECTED(00000003) depth=2 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign verify return:1 depth=1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1 verify return:1 depth=0 CN=pypi.org verify return:1
Certificate chain 0 s:CN=pypi.org i:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1 a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Feb 24 04:28:22 2025 GMT; NotAfter: Mar 28 04:28:21 2026 GMT ... 1 s:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1 i:OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256 v:NotBefore: Oct 16 03:08:04 2024 GMT; NotAfter: Oct 16 00:00:00 2026 GMT ... Server certificate subject=CN=pypi.org issuer=C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1 ...
When I added --trusted-host pypi.org that error went away but I'm still unable to install anything:
Never ever do that. Find out what is happening. Either something bad is interfering with your network traffic. Or there is a proxy and the chain is different. In the latter case, you will see lots of issue until you have configured your system correctly for the proxy in place...
But never ever simply turn off security and try to install something through broken security. It defies the whole purpose of security and certificates if you simply turn it off or try to ignore it.
-Gerald
participants (4)
-
Gerald Vogt -
Henry Hartley -
Mark Sapiro -
Sam Darwin