在我的情况下，我得到这个错误，因为请求和urllib3版本不兼容，在安装期间给出以下错误:

ERROR: requests 2.21.0 has requirement urllib3<1.25,>=1.21.1, but you'll have urllib3 1.25 which is incompatible.

pip install 'urllib3<1.25' --force-reinstall

成功了。

import requests
requests.packages.urllib3.disable_warnings()

import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    ssl._create_default_https_context = _create_unverified_https_context

从这里拍摄https://gist.github.com/michaelrice/a6794a017e349fc65d01

如果你在vCenter 6上，你应该将你vCenter的vmware证书颁发机构证书添加到你的操作系统的受信任CA列表中。要下载证书，请执行以下操作

打开Web浏览器。 导航到https:// 在右下角单击“下载受信任的根CA”链接

在Fedora

解压缩并将扩展名从.0更改为.cer 将其复制到/etc/pki/ca-trust/source/anchors/ 执行update-ca-trust命令。

链接:

https://virtualizationreview.com/articles/2015/04/02/install-root-self-signed-certificate-vcenter-6.aspx?m=1 http://forums.fedoraforum.org/showthread.php?t=293856

我很惊讶所有这些指导都没有解决我的问题。尽管如此，诊断是正确的(顺便说一句，我使用Mac和Python3.6.1)。所以，总结一下正确的部分:

在Mac上，苹果放弃了OpenSSL Python现在使用它自己的CA根证书集 二进制Python安装提供了一个脚本来安装Python所需的CA根证书("/Applications/Python 3.6/ install Certificates.command") 详细信息请阅读“/Applications/Python 3.6/ReadMe.rtf”

对我来说，脚本不能工作，所有那些证书和openssl安装也未能修复。也许是因为我安装了多个python2和python3，以及许多virtualenv。最后，我需要手工修理它。

pip install certifi   # for your virtualenv
mkdir -p /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl
cp -a <your virtualenv>/site-package/certifi/cacert.pem \
  /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem

如果你还不满意的话。然后重新安装OpenSSL。

port install openssl

Ln -s /usr/local/share/certs/ca-root-nss。crt /etc/ssl/cert.pem

(10.1 FreeBSD)

The SSL: CERTIFICATE_VERIFY_FAILED error could also occur because an Intermediate Certificate is missing in the ca-certificates package on Linux. For example, in my case the intermediate certificate "DigiCert SHA2 Secure Server CA" was missing in the ca-certificates package even though the Firefox browser includes it. You can find out which certificate is missing by directly running the wget command on the URL causing this error. Then you can search for the corresponding link to the CRT file for this certificate from the official website (e.g. https://www.digicert.com/digicert-root-certificates.htm in my case) of the Certificate Authority. Now, to include the certificate that is missing in your case, you may run the below commands using your CRT file download link instead:

wget https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der

openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt

sudo mkdir /usr/share/ca-certificates/extra

sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/

sudo dpkg-reconfigure ca-certificates

在此之后，您可以再次使用wget测试URL，也可以使用python urllib包进行测试。详情请参考:https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1795242