pip is configured with locations that require tls/ssl, however the ssl module in python is not available.
Here’s a clear, SEO‑friendly “quick scoop” style breakdown of the error:
Error:
pip is configured with locations that require TLS/SSL, however the ssl module in python is not available.
This usually means your Python was built or installed without OpenSSL/SSL
support , so pip cannot make HTTPS connections to PyPI.
🧩 What this error really means
When you run pip install <package>, pip must connect to https://pypi.org
using TLS/SSL.
The Python standard library uses the ssl module for this. If Python can’t
import ssl, you get:
text
WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
ERROR: Could not fetch URL https://pypi.org/simple/...: There was a problem confirming the ssl certificate...
So the core problem is not really “pip is broken” – it’s “this Python doesn’t have working SSL”.
🔍 Quick checks you should do first
- Check which Python you’re using
Run in your shell:
bash
python --version
which python
and/or
bash
python3 --version
which python3
Make sure you know whether this is:
- System Python (e.g., on Linux),
- Homebrew Python (macOS),
- Microsoft Store/Windows Store Python,
- Conda/virtualenv/venv Python.
- Test if the ssl module is importable
Run:
bash
python -c "import ssl; print(ssl.OPENSSL_VERSION)"
If this fails with ModuleNotFoundError: No module named 'ssl' or a similar
error, that confirms the issue.
🛠️ Common fixes by platform
1. Linux (Ubuntu/Debian, CentOS, etc.)
On many Linux systems, the problem appears when Python was compiled before OpenSSL dev libraries were installed , or when you’re using a minimal image/container. Step 1 – Install required SSL dev packages For Ubuntu/Debian:
bash
sudo apt-get update
sudo apt-get install -y build-essential libssl-dev libffi-dev \
libbz2-dev libreadline-dev libsqlite3-dev \
zlib1g-dev
For CentOS/RHEL:
bash
sudo yum groupinstall -y "Development Tools"
sudo yum install -y openssl-devel bzip2-devel libffi-devel zlib-devel
Step 2 – Reinstall or recompile Python If you installed Python from source:
bash
cd /path/to/Python-<version>
./configure --enable-optimizations
make -j4
sudo make altinstall
This rebuilds Python with SSL support (assuming the dev libraries are there). If you use a distro package:
-
Prefer the distro’s Python (
python3,python3-pip) instead of a custom one. -
Reinstall using package manager:
bash
sudo apt-get install --reinstall python3 python3-pip
(on Debian/Ubuntu; adjust for your distro) Step 3 – Make sure you’re using
the right Python Sometimes you have multiple Pythons and pip points to the
wrong one. Run:
bash
python3 -m pip --version
which python3
Then always use:
bash
python3 -m pip install <package>
to ensure the pip tied to that Python is used.
2. macOS (especially with Homebrew)
On macOS, a common cause is Homebrew’s OpenSSL not properly linked when Python was installed. Step 1 – Ensure OpenSSL is installed
bash
brew install openssl
Step 2 – Reinstall Python via Homebrew
bash
brew reinstall python
Homebrew’s Python usually picks up its own OpenSSL and builds SSL correctly. If things still fail, you can check the link instructions:
bash
brew info openssl
It will often show environment variables or flags to export when compiling from source. Again, use:
bash
python3 -m pip install <package>
3. Windows (classic installer vs Store vs Conda)
On Windows, the problem often occurs with:
- Broken or incomplete Python installation.
- Using the Microsoft Store Python, which can be quirky.
- A misconfigured environment or corrupted SSL DLLs.
Step 1 – Test ssl import
cmd
python -c "import ssl; print(ssl.OPENSSL_VERSION)"
If it fails: Step 2 – Reinstall Python from python.org
- Go to
https://www.python.org/downloads/. - Download the latest 3.x installer for Windows.
- During setup:
- Check “Add Python to PATH”.
- Choose “Customize installation” , ensure
pipandSSLrelated features are selected (they are by default).
- Finish installation.
Then open a new Command Prompt and run:
cmd
python -m pip install <package>
Alternative: use Conda If you install Anaconda or Miniconda:
cmd
conda create -n myenv python=3.11
conda activate myenv
python -m pip install <package>
Conda environments usually come with SSL working out of the box.
🎛️ Virtualenv/venv & multiple Pythons
Sometimes the error appears only inside a virtual environment , but not with the system Python. Typical reasons:
- The venv was created from a Python without SSL.
- Wrong interpreter path.
Fix: recreate the environment from a working Python
- From a Python where
import sslworks:
bash
python -m venv .venv
source .venv/bin/activate # on Linux/macOS
# or
.\.venv\Scripts\activate # on Windows
- Then install packages:
bash
python -m pip install <package>
If the base interpreter has SSL, the new venv will too.
📌 Quick “last resort” workarounds (not ideal, but common in forums)
These are seen in discussions, but use with caution:
-
Use HTTP index instead of HTTPS
Very insecure and usually not recommended, but sometimes used in air‑gapped or internal mirrors.
Only if you fully trust the network and mirror. -
Download wheels manually
- Download
.whlfile from a trusted machine. - Copy to the target machine.
- Install with:
- Download
bash
python -m pip install somepackage‑x.y‑py3‑none‑any.whl
- Downgrade Python version
Some users report that a specific version of Python in their environment was misbuilt and an older patch version worked.
Example: downgrade from 3.7.5 to 3.7.0 in a specific Conda combination.
🧠 Why this became a “trending” topic
In recent years, a few trends have made this error pop up all over forums and Q&A sites:
-
Containerization (Docker images):
Minimal images (like slim or alpine) often lack SSL dev libraries by default, so custom Python builds lose SSL support. -
CI/CD and cloud shells:
Ephemeral build agents or cloud shells sometimes ship with half‑configured Python, leading to “pip TLS/SSL” warnings during automated builds. -
Multiple Python sources:
People install Python from their OS, Homebrew, Conda, the Store, and source all at once. Paths get mixed, and you may end up using a Python that wasn’t compiled with OpenSSL.
Because pip is central to modern Python workflows, any SSL misconfiguration
becomes highly visible and quickly ends up in forum and Reddit posts.
✅ Practical step‑by‑step “fix recipe”
You can think of the fix sequence like this:
-
Confirm the issue
bash python -c "import ssl; print(ssl.OPENSSL_VERSION)" -
Install system SSL dev libraries (Linux)
Use your package manager (e.g.,apt-get install libssl-dev). -
Reinstall or recompile Python ensuring SSL is detected
- Reinstall via official package or Homebrew.
- If from source, run
./configureafter installing OpenSSL dev libs.
-
Use
python -m pipfrom the correct interpreter
Avoid mixingpip,pip3,python,python3from different locations. -
Recreate virtual environments
Any old venvs created from the broken Python should be recreated after the base Python is fixed.
Mini FAQ
Q: Can I fix this just by reinstalling pip?
A: No. The issue is in Python’s ssl module , not in pip itself.
Reinstalling pip won’t help until Python has SSL. Q: Is there a simple
one‑line fix?
A: Often no, because you must either install missing OS libraries or reinstall
Python. The fastest “simple” fix is usually: reinstall Python from a standard
distribution that bundles SSL correctly (python.org, Homebrew, Conda). Q:
Why did this suddenly start happening on my CI pipeline?
A: Your base image or runner image might have changed (new Docker tag, updated
OS, different Python), and the new one is missing SSL dev libs for the Python
build. If you tell me:
- Your OS,
- How you installed Python,
- And what
python -c "import ssl; print(ssl.OPENSSL_VERSION)"prints,
I can give you a very precise set of commands tailored to your setup.