When you run a command in the AWS CLI, for example aws s3 ls, you may get the following error:
SSL validation failed for <endpoint_url> [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
To work around the issue you can add the --no-verify-ssl option to the AWS CLI:
$ aws s3 ls --no-verify-ssl
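But this is not secure: with certificate verification turned off, the CLI can no longer confirm that it is talking to the real endpoint. It also causes the following warning: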
InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
AWS CLI: SSL Validation Failed
To use the AWS CLI with HTTPS certificate verification, you need to specify the path to a custom certificate bundle.
This can be done by setting the AWS_CA_BUNDLE environment variable.
Linux:
$ export AWS_CA_BUNDLE="/data/ca-certs/ca-bundle.pem"
Windows:
PS C:\> setx AWS_CA_BUNDLE C:\data\ca-certs\ca-bundle.pem
Or by using the --ca-bundle command-line parameter:
$ aws s3 ls --ca-bundle "/data/ca-certs/ca-bundle.pem"
Or by setting ca_bundle in the AWS CLI configuration file:
$ nano ~/.aws/config
$ cat ~/.aws/config
[default]
ca_bundle = /data/ca-certs/ca-bundle.pem
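
An added example (not from the original article): shell functions that report which bundle path takes effect and check that the file is readable and contains PEM certificate blocks. It assumes the AWS CLI precedence of --ca-bundle, then AWS_CA_BUNDLE, then ca_bundle in the config file, and reads only the [default] profile; the function names are this example's own.

```shell
#!/bin/sh
# Added example: resolve and sanity-check the CA bundle the AWS CLI will use.
# Function names are this example's own; AWS_CONFIG_FILE falls back to ~/.aws/config.

# Print ca_bundle from the [default] section of the given config file.
config_ca_bundle() {
    [ -r "$1" ] || return 1
    awk -F= '
        /^\[/ { in_default = ($0 ~ /^\[default\][ \t]*$/); next }
        in_default && $1 ~ /^[ \t]*ca_bundle[ \t]*$/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# Precedence: --ca-bundle value ($1), then AWS_CA_BUNDLE, then the config file.
effective_ca_bundle() {
    if [ -n "${1:-}" ]; then
        printf '%s\n' "$1"
    elif [ -n "${AWS_CA_BUNDLE:-}" ]; then
        printf '%s\n' "$AWS_CA_BUNDLE"
    else
        config_ca_bundle "${AWS_CONFIG_FILE:-$HOME/.aws/config}"
    fi
}

# Succeed (printing the certificate count) only if the file is readable and
# holds at least one complete PEM certificate block.
check_ca_bundle() {
    if [ ! -f "$1" ] || [ ! -r "$1" ]; then
        echo "CA bundle not readable: $1" >&2
        return 1
    fi
    begins=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "No complete PEM certificate blocks in: $1" >&2
        return 1
    fi
    echo "$begins"
}

# Usage: bundle=$(effective_ca_bundle "") && check_ca_bundle "$bundle"
```

The check only counts PEM markers; it does not validate the certificates themselves or their expiry dates.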