MeilisearchCommunication Error SSL: WRONG_VERSION_NUMBER

[eznix86]

Description
I use a dockerized version of meilisearch. When using the hostname to connect, it fails.

Expected behavior
Supposed to connect.

Current behavior
Getting an SSL WRONG VERSION

Screenshots or Logs
File "/opt/.venv/lib/python3.12/site-packages/meilisearch/_httprequests.py", line 64, in send_request
raise MeilisearchCommunicationError(str(err)) from err
meilisearch.errors.MeilisearchCommunicationError: MeilisearchCommunicationError, HTTPSConnectionPool(host='meilisearch', port=7700): Max retries exceeded with url: /indexes (Caused by SSLError(SSLError(1, '[SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1000)')))

Environment (please complete the following information):

• OS: Docker, python:3.12-bookworm
• Meilisearch version: v1.7.6
• meilisearch-python version: 0.31.0

[sanders41]

This is unlikely to be related to the SDK itself. Are you behind a proxy?

[sanders41]

Also, I don't think this is the problem because I would expect a different error message, but if you haven't already try apt-get installing ca-certificates.

[eznix86]

I tried, same issue!

[sanders41]

Can you provide your Dockerfile and how you are running it? I just ran a test with python:3.12-bookworm and didn't have any issue.

[selfhiam]

I had the same problem.

0. Docker server uvuntu 22.04
1. Docker Python Version 3.12.4
2. Dokcer getmeili/meilisearch:v1.9
   I did https using the pem key with mkcert '127.0.0.1' in meilisearch.

However, when I try to connect to Python on the Ubuntu Docker server, I get an ssl.1000 error.

The code I wrote
`import meilisearch
from langchain_community.vectorstores import Meilisearch

client = meilisearch.Client(
url='https://serverIP',
api_key='API_keys',
)

print(client.get_indexes())`

Error history
`Traceback (most recent call last):
File "/sgenv/lib/python3.12/site-packages/urllib3/connectionpool.py", line 466, in _make_request
self._validate_conn(conn)
File "/sgenv/lib/python3.12/site-packages/urllib3/connectionpool.py", line 1095, in _validate_conn
conn.connect()
File "/sgenv/lib/python3.12/site-packages/urllib3/connection.py", line 652, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/connection.py", line 805, in ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/util/ssl.py", line 465, in ssl_wrap_socket
ssl_sock = ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/util/ssl.py", line 509, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.12/ssl.py", line 1042, in _create
self.do_handshake()
File "/usr/lib/python3.12/ssl.py", line 1320, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/sgenv/lib/python3.12/site-packages/urllib3/connectionpool.py", line 789, in urlopen
response = self._make_request(
^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/connectionpool.py", line 490, in _make_request
raise new_e
urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/sgenv/lib/python3.12/site-packages/requests/adapters.py", line 667, in send
resp = conn.urlopen(
^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/connectionpool.py", line 843, in urlopen
retries = retries.increment(
^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/urllib3/util/retry.py", line 519, in increment
raise MaxRetryError(_pool, url, reason) from reason # type: ignore[arg-type]
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='serverIP', port=7700): Max retries exceeded with url: /indexes (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/sgenv/lib/python3.12/site-packages/meilisearch/_httprequests.py", line 50, in send_request
request = http_method(
^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/requests/api.py", line 73, in get
return request("get", url, params=params, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/requests/api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/requests/sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/requests/sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/requests/adapters.py", line 698, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='serverIP', port=7700): Max retries exceeded with url: /indexes (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/workspace/meili_search.py", line 9, in
print(client.get_indexes())
^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/meilisearch/client.py", line 125, in get_indexes
response = self.http.get(f"{self.config.paths.index}?{parse.urlencode(parameters)}")
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/meilisearch/_httprequests.py", line 76, in get
return self.send_request(requests.get, path)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/sgenv/lib/python3.12/site-packages/meilisearch/_httprequests.py", line 73, in send_request
raise MeilisearchCommunicationError(str(err)) from err
meilisearch.errors.MeilisearchCommunicationError: MeilisearchCommunicationError, HTTPSConnectionPool(host='serverIP', port=7700): Max retries exceeded with url: /indexes (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')))`

[sanders41]

Do you get the same error if you use curl?

Using a self signed certificate could be the issue. Does this make a difference (note, don’t do this on production)?

Make sure ca-certificates is installed sudo apt-get install --reinstall ca-certificates. Then add your certificate

sudo cp /path/to/certifi/cacert.pem /etc/ssl/certs/
sudo update-ca-certificates