pip install fails with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (

This error message occurs when pip is unable to verify the certificate of the website it is trying to connect to. This can happen for a number of reasons, including an out-of-date certificate on the server, a problem with the certificate chain, or an issue with the client machine's certificate store.

A common solution to this problem is to use the --trusted-host option with pip to explicitly trust the host in question. For example, if you are trying to install a package from a custom repository, you can use the following command:

Install a Python package using the trusted host option of pip

pip install --trusted-host <host-name> <package-name>

This tells pip to trust packages from the specified domain. Note that --trusted-host only bypasses hostname verification, not SSL certificate verification, and pypi.org is already trusted by default.

Alternatively, if the issue persists, you could try the following command to specify a trusted CA bundle for SSL verification:

Specify a CA_BUNDLE file or directory in pip

pip install --cert /path/to/CA_BUNDLE <package-name>

This tells pip to use the specified CA bundle to verify SSL certificates.

It is worth noting that this option can also be used to add specific trusted hosts to a pip configuration file, which can be useful if you need to install multiple packages from the same untrusted host. You can also try to upgrade pip to the latest version using

Upgrade pip to the latest version command

python -m pip install --upgrade pip

Before bypassing verification, consider updating the certifi package or your OS certificate store, as this resolves most SSL verification errors. You can also set the PIP_CERT environment variable to point to your CA bundle. Please be aware that disabling SSL verification like this opens you up to potential security risks and should be used with caution.