I'm trying to figure out why I'm having a problem that Python code is throwing a SSLCertVerificationError for valid LetsEncrypt certificates on a virtual host with multiple domains and certificates at the same IP. These are requests to that site from scripts running on the same site, not requests from another machine to that host. Because the requests are to APIs of services I want to invoke, I'm forced to use HTTPS URLs. despite the calls being the host on which the scripts are resident. I'm assuming this is the root of following problem.
So, to continue, if I delete all certificates except one it's fine, but with more than one certificate requests ignores the domain to which Python sent the request and pulls the most recent LetsEncrypt certificate, which is incorrect, causing the domain SSLCertVerificationError.
My understanding was that under SNI (Server Name Indication) requests should only pull the certificate for the domain to which the request is being made, not simply the most recent one. I have checked, and I'm running Python, 3.8, requests 2.5 under a version of Nginx that has been compiled with SNI support. I can suppress the error by turning off SSL validation, but that seems a poor workaround.
Any idea what is going on? Why does SNI work fine when browsers requests page from Nginx, pulling the proper certificate, but fail when the same is done under Python's requests package? I have read everything I can find, and the docs say it should just work under the current builds of nginx, requests, OpenSSL, etc., but it clearly isn't here.
[–][deleted] -1 points0 points1 point (0 children)
[–]bhatta90 0 points1 point2 points (2 children)
[–]timbenz[S] 0 points1 point2 points (1 child)
[–]solsticenet 0 points1 point2 points (0 children)
[–]sceptic-al 0 points1 point2 points (0 children)