If you’ve ever run into this error while trying to install a Python package:
pip._vendor.requests.exceptions.SSLError: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /pypi (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))You’re not alone. This usually happens when your system’s SSL or crypto policies are outdated or too strict for Python’s pip to verify certificates from PyPI.
✅ Here’s how I fixed it:
1/Update your system’s crypto policies
On many Linux systems (especially RHEL-based distros like CentOS, Rocky, AlmaLinux, etc.), you can run:
sudo update-crypto-policies --set DEFAULTThis resets your system’s crypto policies to a more compatible default, which often resolves SSL verification issues.
2/Use trusted-host flags with pip
If you’re still having trouble, you can bypass SSL verification for specific trusted domains by adding these flags to your pip install command:
pip install <your-package> \
--trusted-host pypi.org \
--trusted-host pypi.python.org \
--trusted-host files.pythonhosted.orgThis tells pip to trust these domains even if SSL verification fails.
