[GH-ISSUE #341] Using CLI tools to request service with mkcert certs does not work (macOS) #222

Closed
opened 2026-02-25 22:32:53 +03:00 by kerem · 5 comments

Originally created by @back-2-95 on GitHub (Feb 13, 2021).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/341

E.g. if I make requests to my local container (Traefik + mkcert generated certs) with Httpie. Note that these certs work when accessing the site with Chrome or Firefox. I use macOS Big Sur atm.

```
$ http --headers https://portainer.docker.sh
```

Will end up with following error:

```
http: error: SSLError: HTTPSConnectionPool(host='portainer.docker.sh', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))) while doing a GET request to URL: https://portainer.docker.sh/
```

Original issue from our tool:
https://github.com/druidfi/stonehenge/issues/47

  • Is there some extra step I'm missing?
  • Or is this a known issue?
kerem closed this issue 2026-02-25 22:32:53 +03:00

@fgm commented on GitHub (Mar 3, 2021):

Same problem with httpie on bare metal Big Sur, although curl works normally:

```
$ http -phb https://localhost:8443

http: error: SSLError: HTTPSConnectionPool(host='localhost', port=8443): Max retries exceeded with url: / (Caused by 
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)'))) while doing a GET request to URL: https://localhost:8443/
$
```

But:

```
$ curl -I  https://localhost:8443
HTTP/2 200
content-type: text/plain; charset=utf-8
content-length: 34
date: Wed, 03 Mar 2021 08:42:33 GMT
$
```

@back-2-95 commented on GitHub (Mar 7, 2021):

Related discussion on httpie https://github.com/httpie/httpie/issues/768


@back-2-95 commented on GitHub (Mar 7, 2021):

And https://github.com/httpie/httpie/issues/480#issuecomment-673568555


@back-2-95 commented on GitHub (Mar 7, 2021):

So I would conclude that it's a problem with a certain CLI tool and not mkcert.


@g0t4 commented on GitHub (Nov 13, 2023):

FYI this works for *nix:

```bash
export REQUESTS_CA_BUNDLE="$(mkcert -CAROOT)/rootCA.pem"
https localhost
```
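
Added example, not part of the original thread and not mkcert or HTTPie code: Python requests (which HTTPie uses) verifies against its bundled certifi CA file rather than the macOS keychain, and `REQUESTS_CA_BUNDLE` replaces that file instead of extending it. The sketch below builds a combined bundle so that both public sites and mkcert-signed local hosts verify; the function names and the output path are assumptions.

```bash
#!/usr/bin/env bash
# Added example: function names and paths are assumptions, not mkcert or HTTPie code.
# REQUESTS_CA_BUNDLE replaces the default CA file used by Python requests, so a
# bundle holding only rootCA.pem makes public HTTPS sites fail verification.

# count_certs FILE: print the number of PEM certificates in FILE
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# build_ca_bundle BASE ROOT OUT
#   BASE: public CA bundle, e.g. the path printed by `python3 -m certifi`
#   ROOT: the mkcert root certificate, "$(mkcert -CAROOT)/rootCA.pem"
#   OUT:  combined bundle to point REQUESTS_CA_BUNDLE at
build_ca_bundle() {
    local base="$1" root="$2" out="$3" tmp f
    for f in "$base" "$root"; do
        if [ ! -r "$f" ] || [ "$(count_certs "$f")" -eq 0 ]; then
            echo "not a readable PEM certificate file: $f" >&2
            return 1
        fi
    done
    # rootCA-key.pem sits next to rootCA.pem; never copy the CA private key
    # into a world-readable bundle.
    if grep -q -- 'PRIVATE KEY-----' "$root"; then
        echo "refusing: $root contains a private key" >&2
        return 1
    fi
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    # The printf guards against a BASE file that lacks a trailing newline.
    { cat "$base"; printf '\n'; cat "$root"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Usage:
#   build_ca_bundle "$(python3 -m certifi)" "$(mkcert -CAROOT)/rootCA.pem" "$HOME/.mkcert-bundle.pem"
#   export REQUESTS_CA_BUNDLE="$HOME/.mkcert-bundle.pem"
```

Run `python3 -m certifi` with the interpreter HTTPie itself is installed under, since a Homebrew or pipx install carries its own certifi copy.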