MobileRead Forums - View Single Post - Let's Encrypt, Root CAs and python used with Calibre

jhowell · 10-01-2021, 06:31 PM

Python (and calibre) when running under Windows uses the Windows system certificate store.

That can sometimes causes problems because that store is typically only updated when used. In most cases calibre root certificate problems can be corrected by opening Internet Explorer (or Edge) and navigating to the site that is experiencing problems.

However in this case when I tried it for a Let's Encrypt based site that was giving my plugin trouble at the end of September it still did not correct the problem. I was eventually able to get it working by removing an expired intermediate certificate from the Windows store. My assumption is that the presence of this certificate was causing python's SSL/TLS handling to fail. More details in this post.

10-01-2021, 06:31 PM	#2
jhowell Grand Sorcerer Posts: 7,085 Karma: 91577715 Join Date: Nov 2011 Location: Charlottesville, VA Device: Kindles	Python (and calibre) when running under Windows uses the Windows system certificate store. That can sometimes causes problems because that store is typically only updated when used. In most cases calibre root certificate problems can be corrected by opening Internet Explorer (or Edge) and navigating to the site that is experiencing problems. However in this case when I tried it for a Let's Encrypt based site that was giving my plugin trouble at the end of September it still did not correct the problem. I was eventually able to get it working by removing an expired intermediate certificate from the Windows store. My assumption is that the presence of this certificate was causing python's SSL/TLS handling to fail. More details in this post.