If you work in a cooperate environment, you may be working behind proxies and
SSL traffic may be signed by self-signed certificates. This may cause problems
while working with
pip and especially with
pipenv. With current versions
pip, it is possible to ignore SSL errors using the following
example command 1.
$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>
This approach is suitable if you know that you are behind a proxy or
a similar equipment that signs the traffic with self-signed certificates.
--trusted-host flag disables SSL checking, this will cause a
potential security risk if you are not in such network, like working at
I found that
--trusted-host flag doesn’t work as expected while working with
pipenv. There are some records about this issue 2, 3. Even with the
pip throws errors when invoked by
pipenv in my setup.
For me, setting
REQUESTS_CA_BUNDLE environment variable prior to calling
pipenv solves the problem. (I found the solution on the Stack Overflow but I
can’t remember the link). Of course, the certificate file pointed by the
varible should include the self signed certificate.
I tested on Ubuntu 16.04 but this may work on all Debian and Ubuntu derived distros.
$ export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
I tested on CentOS 7.8 but this may work on all RedHat derived distros.
$ export REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt