Forum Archive

PyMongo ServerSelectionTimeoutError

Penguin Master
Jul 08, 2021 - 03:37

Hi, I'm trying to use PyMongo and MongoDB with Pythonista 3, but I'm getting this error:

pymongo.errors.ServerSelectionTimeoutError: SSL handshake failed: redacted-db-shard-00-02.loevh.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749),SSL handshake failed: redacted-db-shard-00-01.loevh.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749),SSL handshake failed: redacted-db-shard-00-00.loevh.mongodb.net:27017: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Ignore the redacteds, I just put those to hide the sensitive info. I know the URL is right, because I tested that exact connection URL on MongoDB (with the same code), so the issue is with Pythonista/iPadOS. Thanks in advance :)

ccc
Jul 08, 2021 - 07:16

https://forum.omz-software.com/topic/6751/pymongo-errors-configurationerror-resolver-configuration-could-not-be-read-or-specified-no-nameservers

JonB
Jul 08, 2021 - 11:39

Since you are getting a certificate failure, you might try the pep 473 approach to monkeypatch ssl to not verifying certificates:

import ssl

try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    ssl._create_default_https_context = _create_unverified_https_context

If that works, then the issue is probably that the certificate is wrong (hostname doesn't match cert, etc) or not signed by a trusted CA. There may be ways to install the certificate locally in that case.

Penguin Master
Jul 08, 2021 - 15:47

@ccc Thanks, but that's not the same error and besides, I'm already using dns.resolver

Penguin Master
Jul 08, 2021 - 15:58

@JonB Update: that sadly didn't fix it. I'm getting the exact same error still. Are there any other possible solutions? Thanks

JonB
Jul 09, 2021 - 10:19

You could try pip install certifi.

Is this your own server? Take a look at the certificate, and check if the signing authority is trusted... Or install the certificate in the trust store (maybe editing certifi's cacerts.pem)

JonB
Jul 09, 2021 - 10:23

See https://stackoverflow.com/questions/54484890/ssl-handshake-issue-with-pymongo-on-python3

There are a few options in that thread. One uses ssl_cert_reqs=ssl.CERT_NONE. the other uses ca=certifi.where(), and tlsCAFile=ca.

Penguin Master
Jul 09, 2021 - 18:08

@JonB thanks, I'll try those

Penguin Master
Jul 09, 2021 - 18:31

@JonB thank you so much! It's working perfectly again :)

JonB
Jul 10, 2021 - 01:10

For reference, which solution worked?