Search
India English
Kenya English
United Kingdom English
South Africa English
Nigeria English
United States English
United States Español
Indonesia English
Bangladesh English
Egypt العربية
Tanzania English
Ethiopia English
Uganda English
Congo - Kinshasa English
Ghana English
Côte d’Ivoire English
Zambia English
Cameroon English
Rwanda English
Germany Deutsch
France Français
Spain Català
Spain Español
Italy Italiano
Russia Русский
Japan English
Brazil Português
Brazil Português
Mexico Español
Philippines English
Pakistan English
Turkey Türkçe
Vietnam English
Thailand English
South Korea English
Australia English
China 中文
Somalia English
Canada English
Canada Français
Netherlands Nederlands

How To Fix the Dreaded AWS CLI SSL Certificate Verify Failed Error

Posted byKevin K.

Ever tried running an AWS CLI command, only to be greeted by the cryptic “[SSL: CERTIFICATE_VERIFY_FAILED]” error?

Yeah, it’s a real buzzkill.

But don’t worry, we’re here to break down this issue in plain English and get you back on track.

First, Understand the Root of the Problem

Before we talk about the solutions, let’s understand what this error actually means.

  • SSL/TLS: Think of these as the bodyguards of the internet, ensuring secure communication between your computer and AWS servers.
  • Certificates: These are like digital IDs for websites and services, verifying their authenticity.  
  • Verification Failed: This error pops up when your AWS CLI can’t confirm the legitimacy of the SSL certificate presented by the AWS server. It’s like your bodyguard saying, “Hold up, I don’t recognize this guy!”  

Common Causes

  • Misconfigured Proxy: If you’re behind a corporate proxy, it might be interfering with the SSL handshake.  
  • Outdated Certificates: Your system’s certificate store might be outdated, causing it to reject valid certificates.
  • Incorrect System Time: A significant discrepancy between your system’s clock and the actual time can also trigger this error.

Step-by-Step Solutions To aws cli ssl certificate_verify_failed

Check Your Proxy Settings

If you’re using a proxy, ensure it’s configured correctly in your AWS CLI config file or environment variables.

Some proxies might require you to install their root certificate on your system.  

Update Your System’s Certificates

Windows:

  • Open the “certmgr.msc” utility to manage certificates.  
  • Make sure you have the latest root certificates installed from a trusted source.

macOS/Linux:

Update your system’s package manager (e.g., brew, apt, yum) and ensure the ca-certificates package is up to date.

Verify System Time

Check that your system’s clock is accurate. An incorrect time can mess with certificate validation.  

Advanced Troubleshooting (If the Above Doesn’t Work)

  • Specify the CA Bundle: If your organization uses a custom CA, you might need to explicitly tell the AWS CLI where to find its root certificate. You can do this using the AWS_CA_BUNDLE environment variable.
  • Disable SSL Verification (Temporary Fix): As a last resort, you can temporarily disable SSL verification using the --no-verify-ssl flag. Use this with caution, as it compromises security.

Conclusion

Encountering the “SSL: CERTIFICATE_VERIFY_FAILED” error can be frustrating, but with a systematic approach, you can usually resolve it. Remember, maintaining proper system hygiene and configuration is key to a smooth AWS CLI experience.

So, next time this error pops up, don’t panic. Just roll up your sleeves, follow these steps, and get back to conquering the cloud!

Have you ever encountered any other AWS CLI errors? Share your experiences in the comments below.

Read also:

error

Enjoy this blog? Please spread the word :)