How to Fix Windows Python SSL Certificate Verify Failed in Anaconda/Jupyter: Resolving Requests & Google Analytics API Errors with Certifi

If you’ve encountered the dreaded SSL certificate verify failed error while working with Python in Anaconda or Jupyter Notebook on Windows—especially when using libraries like requests or interacting with APIs like Google Analytics—you’re not alone. This error occurs when Python cannot validate the SSL certificate of the server it’s trying to connect to, often due to missing or outdated Certificate Authority (CA) certificates.

In this guide, we’ll demystify the root causes of this error and walk through actionable solutions using certifi, a Python package that provides trusted CA certificates. By the end, you’ll be able to resolve SSL issues for requests and the Google Analytics API, ensuring secure and uninterrupted connections in your Anaconda/Jupyter environment.

Table of Contents#

  1. Understanding the "SSL Certificate Verify Failed" Error
  2. Common Causes on Windows
  3. Prerequisites
  4. Step-by-Step Solutions
  5. Verifying the Fix
  6. Troubleshooting Common Issues
  7. Conclusion
  8. References

Understanding the "SSL Certificate Verify Failed" Error#

SSL (Secure Sockets Layer) certificates are used to encrypt data between your Python code and a server (e.g., https://api.google-analytics.com). To ensure security, Python checks if the server’s certificate is signed by a trusted CA. If Python cannot find the necessary CA certificates locally, it throws the SSL certificate verify failed error.

In Anaconda/Jupyter environments on Windows, this error typically stems from:

  • Outdated or missing CA certificates in the environment.
  • Python libraries (like requests or Google Analytics client) not pointing to the correct CA certificate bundle.

Common Causes on Windows#

  • Outdated certifi Package: certifi is a Python library that bundles trusted CA certificates. If it’s outdated, it may lack newer CA roots.
  • Incorrect Certificate Path: Python/Anaconda may be using an old or empty CA certificate file (e.g., cacert.pem).
  • Environment Variables Misconfiguration: Libraries like requests rely on environment variables (e.g., REQUESTS_CA_BUNDLE) to locate CA certificates. These may be unset or pointing to the wrong path.
  • Proxy/Firewall Interference: Corporate proxies or firewalls sometimes block or alter SSL certificates, causing validation failures.

Prerequisites#

Before starting, ensure:

  • Anaconda or Miniconda is installed on Windows (tested with Anaconda 3 2023.09+).
  • You can access the Anaconda Prompt (search for it in Windows Start Menu).
  • Basic familiarity with running Python code in Jupyter Notebook.

Step-by-Step Solutions#

certifi is the most common source of trusted CA certificates for Python. Updating it ensures you have the latest CA roots.

Steps:#

  1. Open Anaconda Prompt: Search for "Anaconda Prompt" in the Windows Start Menu and launch it.
  2. Activate Your Environment: If using a custom Conda environment (not base), activate it with: 
    conda activate your_environment_name
  3. Update Certifi: Run the following command to upgrade certifi: 
    pip install --upgrade certifi
  4. Verify Certifi Installation: Confirm certifi is installed and note its certificate bundle path. Open Python in the Anaconda Prompt: 
    python
    Then run: 
    import certifi  
print("Certifi certificate path:", certifi.where())
    You’ll see a path like:
    C:\Users\YourUsername\Anaconda3\envs\your_environment_name\Lib\site-packages\certifi\cacert.pem

Method 2: Explicitly Use Certifi Certificates in Code#

If updating certifi doesn’t resolve the error, explicitly tell requests or the Google Analytics API to use certifi’s certificates.

For requests Library:#

By default, requests uses the system’s CA certificates, which may be outdated on Windows. Force it to use certifi’s bundle with the verify parameter:

import requests  
import certifi  
 
url = "https://www.google.com"  # Test with a secure site  
response = requests.get(url, verify=certifi.where())  # Explicitly use certifi  
print("Status code:", response.status_code)  # Should return 200 if successful

For Google Analytics API:#

The Google Analytics API (e.g., google-analytics-data v1beta) uses underlying HTTP clients that may need explicit CA certificate paths. Use Python’s ssl module to create a secure context with certifi’s bundle:

from google.analytics.data_v1beta import BetaAnalyticsDataClient  
from google.analytics.data_v1beta.types import RunReportRequest  
import ssl  
import certifi  
 
# Create an SSL context using certifi's certificates  
ssl_context = ssl.create_default_context(cafile=certifi.where())  
 
# Initialize the Google Analytics client with the custom SSL context  
client = BetaAnalyticsDataClient(ssl_context=ssl_context)  
 
# Example: Run a report (replace with your property ID)  
request = RunReportRequest(  
    property=f"properties/123456789",  # Replace with your GA4 property ID  
    dimensions=[{"name": "date"}],  
    metrics=[{"name": "activeUsers"}],  
)  
 
try:  
    response = client.run_report(request)  
    print("Report data:", response)  
except Exception as e:  
    print("Error:", e)

Method 3: Configure Anaconda Environment Variables#

Libraries like requests respect the REQUESTS_CA_BUNDLE environment variable to locate CA certificates. Set this variable to point to certifi’s cacert.pem to globally fix SSL issues in your Conda environment.

Step 1: Set the Variable Temporarily (Anaconda Prompt Session)#

In the Anaconda Prompt, run:

set REQUESTS_CA_BUNDLE=C:\Users\YourUsername\Anaconda3\envs\your_environment_name\Lib\site-packages\certifi\cacert.pem

Replace the path with the certifi.where() output from Method 1.

Step 2: Set the Variable Permanently (System-Wide)#

To avoid setting the variable every time, add it to Windows System Properties:

  1. Open System Properties: Press Win + Pause/Break → Click "Advanced system settings".
  2. Go to the Advanced tab → Click "Environment Variables".
  3. Under "User variables" (for your user) or "System variables" (all users), click "New".
    • Variable name: REQUESTS_CA_BUNDLE
    • Variable value: Paste the certifi.where() path (e.g., C:\Users\YourUsername\Anaconda3\Lib\site-packages\certifi\cacert.pem).
  4. Click "OK" to save. Restart Anaconda/Jupyter for changes to take effect.

Method 4: Replace Anaconda’s Default CA Certificates#

Anaconda uses its own CA certificate bundle at Anaconda3\Library\ssl\cacert.pem. If this file is outdated, replace it with certifi’s bundle.

Steps:#

  1. Locate Anaconda’s CA File: The default path is:
    C:\Users\YourUsername\Anaconda3\Library\ssl\cacert.pem
    (Adjust for custom environments: ...\envs\your_environment_name\Library\ssl\cacert.pem).
  2. Backup Anaconda’s CA File: Rename the existing cacert.pem to cacert_old.pem (in case of issues).
  3. Copy Certifi’s CA File: Copy certifi’s cacert.pem (from certifi.where()) to Anaconda’s ssl folder. For example: 
    copy "C:\Users\YourUsername\Anaconda3\Lib\site-packages\certifi\cacert.pem" "C:\Users\YourUsername\Anaconda3\Library\ssl\cacert.pem"

Verifying the Fix#

After applying the above methods, test with a simple script in Jupyter Notebook or Anaconda Prompt to confirm SSL errors are resolved.

Test requests with Google Analytics API Endpoint:#

import requests  
import certifi  
 
# Test Google Analytics API endpoint (public metadata endpoint)  
url = "https://analyticsdata.googleapis.com/v1beta/properties/metadata"  
response = requests.get(url, verify=certifi.where())  
print("Status code:", response.status_code)  # 200 = success  
print("Response:", response.json())  # Should return API metadata

Test Google Analytics API Client:#

If the RunReportRequest example in Method 2 returns data without SSL errors, the fix works.

Troubleshooting Common Issues#

Error: "FileNotFoundError: [Errno 2] No such file or directory: 'certifi/cacert.pem'"#

  • Cause: certifi is not installed or the path in certifi.where() is incorrect.
  • Fix: Reinstall certifi with pip install --force-reinstall certifi and verify the path again.

Error Persists After Setting REQUESTS_CA_BUNDLE#

  • Cause: The environment variable may not be propagating to Jupyter.
  • Fix: Launch Jupyter Notebook from the Anaconda Prompt (after setting the variable) to ensure it inherits the environment.

Proxy/Firewall Blocking Certificates#

  • Cause: Corporate networks may intercept SSL traffic with self-signed certificates.
  • Fix: Add your organization’s root CA certificate to certifi’s cacert.pem file (open cacert.pem in a text editor and append the root certificate).

Multiple Python Environments#

  • Cause: You may have multiple Python installations (e.g., system Python and Anaconda). Ensure you’re using Anaconda’s pip and environment.
  • Fix: Always use conda activate and run where python in the Anaconda Prompt to confirm the active Python path.

Conclusion#

SSL certificate errors in Anaconda/Jupyter on Windows are typically caused by outdated or misconfigured CA certificates. By updating certifi, explicitly referencing its certificates in code, or configuring environment variables, you can resolve these issues for requests and the Google Analytics API. Start with Method 1 (updating certifi), then progress to explicit code configuration or environment variables if needed.

References#

2025-11