SSL Errors appearing randomly on new installs

[Brock1998]

Hi there,

I'm trialing the anvil-app-server for my organization, I've run through an installation a few times to get everything consistent, but I cannot work out these SSL errors.

I tried the same process three times, once it worked, twice I run into these errors, all on Windows Server 2022 - am I missing something, seems like it could be an issue with the Amazon S3 Cert, but I'm not really sure why it's random, or how to fix it? (I saw the other issue that was raised for this, but it did seem to be relevant, please correct me if I'm wrong)

I have been able to work around it by manually grabbing the link out of find_or_download_app_server() and manually placing it in site-packages/anvil_app_server - but it doesn't seem like a good long-term solution.

Basically I just want to know if I am doing something horribly wrong, or if there is just something going on in the Certificate chain for the S3 bucket this is stored in.

Downloading Anvil App Server JAR to package directory
Failed to download App Server to package directory. Retrying in ~/.anvil
Traceback (most recent call last):
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1303, in request
self._send_request(method, url, body, headers, encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1349, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1298, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1058, in _send_output
self.send(msg)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 996, in send
self.connect()
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1475, in connect
self.sock = self._context.wrap_socket(self.sock,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 1104, in _create
self.do_handshake()
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 1382, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Users\testuser1\Documents\Anvil\Applications.venv\Lib\site-packages\anvil_app_server_init_.py", line 177, in find_or_download_app_server
_urlretrieve(url, package_dir_path, show_progress)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 241, in urlretrieve
with contextlib.closing(urlopen(url, data)) as fp:
^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 216, in urlopen
return opener.open(url, data, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 519, in open
response = self._open(req, data)
^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 496, in _call_chain
result = func(*args)
^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1391, in https_open
return self.do_open(http.client.HTTPSConnection, req,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1348, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1303, in request
self._send_request(method, url, body, headers, encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1349, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1298, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1058, in _send_output
self.send(msg)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 996, in send
self.connect()
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\http\client.py", line 1475, in connect
self.sock = self._context.wrap_socket(self.sock,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 517, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 1104, in _create
self.do_handshake()
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\ssl.py", line 1382, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 198, in run_module_as_main
File "", line 88, in run_code
File "C:\Users\testuser1\Documents\Anvil\Applications.venv\Scripts\anvil-app-server.exe_main.py", line 7, in
File "C:\Users\testuser1\Documents\Anvil\Applications.venv\Lib\site-packages\anvil_app_server_init.py", line 12, in launch
jar_path = find_or_download_app_server()
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1\Documents\Anvil\Applications.venv\Lib\site-packages\anvil_app_server_init_.py", line 182, in find_or_download_app_server
_urlretrieve(url, home_dir_path, show_progress)
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 241, in urlretrieve
with contextlib.closing(urlopen(url, data)) as fp:
^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 216, in urlopen
return opener.open(url, data, timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 519, in open
response = self._open(req, data)
^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 536, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 496, in _call_chain
result = func(*args)
^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1391, in https_open
return self.do_open(http.client.HTTPSConnection, req,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "C:\Users\testuser1.pyenv\pyenv-win\versions\3.11.9\Lib\urllib\request.py", line 1351, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)>