OpenWebUI/docs
1
0
Fork 0
mirror of https://github.com/open-webui/docs synced 2025-05-20 11:18:42 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Troubleshoot steps for [SSL: CERTIFICATE_VERIFY_FAILED]

Browse Source
This commit is contained in:
kenneth 2024-07-30 12:36:27 -04:00
parent a7b2b0e5cb
commit c028d486cc
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
docs/troubleshooting/index.mdx
View File

@ -60,6 +60,55 @@ For detailed instructions on setting environment variables for Ollama, refer to
By following these enhanced troubleshooting steps, connection issues should be effectively resolved. For further assistance or queries, feel free to reach out to us on our community Discord.
## [SSL: CERTIFICATE_VERIFY_FAILED]
If you get this error while trying to run OI, most likely the issue is that you are on a network which intercepts HTTPS traffic (e.g. a corporate network),
you will need to add the new cert into OI's truststore.
**For pre-built Docker image**:
1. Mount the certificiate store from your host machine into the container by passing `--volume=/etc/ssl/certs/ca-certificiate.crt:/etc/ssl/certs/ca-certificiates.crt:ro` as a command-line option to `docker run`
2. Force python to use the system truststore by setting `REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt` (see https://docs.docker.com/reference/cli/docker/container/run/#env)
Example `compose.yaml` from [@KizzyCode](https://github.com/open-webui/open-webui/issues/1398#issuecomment-2258463210):
```yaml
services:
openwebui:
image: ghcr.io/open-webui/open-webui:main
volumes:
- /var/containers/openwebui:/app/backend/data:rw
- /etc/containers/openwebui/compusrv.crt:/etc/ssl/certs/ca-certificates.crt:ro
- /etc/timezone:/etc/timezone:ro
- /etc/localtime:/etc/localtime:ro
environment:
- WEBUI_NAME=compusrv
- ENABLE_SIGNUP=False
- ENABLE_COMMUNITY_SHARING=False
- WEBUI_SESSION_COOKIE_SAME_SITE=strict
- WEBUI_SESSION_COOKIE_SECURE=True
- ENABLE_OLLAMA_API=False
- REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
```
**For local development**:
You can also add the certificates in the build process by modifying the `Dockerfile`. This is useful if you want to make changes to the UI, for instance.
Since the build happens in [multiple stages](https://docs.docker.com/build/building/multi-stage/), you have to add the cert into both
1. Frontend (`build` stage):
```dockerfile
COPY package.json package-lock.json <YourRootCert>.crt ./
ENV NODE_EXTRA_CA_CERTS=/app/<YourRootCert>.crt
RUN npm ci
```
2. Backend (`base` stage):
```dockerfile
COPY <CorporateSSL.crt> /usr/local/share/ca-certificates/
RUN update-ca-certificates
ENV PIP_CERT=/etc/ssl/certs/ca-certificates.crt \
REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
```
## Network Diagrams of different deployments
#### Mac OS/Windows - Ollama on Host, Open WebUI in container