FROM CACHE - en_header
Promotion image

SSL Certificate Verification Failed When Calling Webhooks API from Server

SSL Certificate Verification Failed When Calling Webhooks API from Server

sawarn
Shopify Partner
2 0 5
‎04-30-2025 05:56 AM

Hi everyone,

I’m encountering an SSL-related issue when trying to fetch the list of webhooks from our Shopify Development store (pop-store-sit.myshopify.com) using the Admin API (2024-01). The call fails with the following error:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1147)

Here’s the full traceback for reference:

HTTPSConnectionPool(host='pop-store-sit.myshopify.com', port=443): Max retries exceeded with url: /admin/api/2024-01/webhooks.json?fields=id,address,topic,format (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1147)')))

We’re using a Python-based backend inside a containerized environment. It appears the SSL handshake fails because it can’t verify the Shopify server’s certificate due to missing root/intermediate CA certificates.

Can someone here confirm:

  1. If there were any recent changes to the SSL certificate or intermediate chain for .myshopify.com` domains?
  2. If there is a documented list of certificate authorities Shopify uses for these domains?
  3. Any recommended workaround or best practice when dealing with SSL verification issues for Shopify endpoints in containerized environments?

Thanks in advance!

Labels:
2,083 Views
5 Likes
Report
Replies 10 (10)

goldi07
Navigator
364 38 69
‎04-30-2025 06:57 AM

Hello @sawarn 

 

You're absolutely on point in diagnosing this: the SSL: CERTIFICATE_VERIFY_FAILED error typically stems from missing or outdated CA certificates in your containerized environment — not an issue with Shopify’s SSL configuration itself.

 

Quick Answers to Your Questions:
1. Recent changes to Shopify’s SSL or CA chain?
. As of now, there are no announced changes to Shopify's SSL certificate structure for *.myshopify.com.

. Shopify uses standard SSL certs issued by globally trusted Certificate Authorities (usually DigiCert, Let's Encrypt, or Cloudflare-managed certs).

2. Is there a documented list of CAs Shopify uses?
. Shopify does not maintain a public list of issuing CAs.

. However, their certs typically validate correctly if your system trusts Mozilla’s CA bundle (used by certifi in Python).

3. Best practice/workaround for containerized environments?
Yes! Here's what you should do:

 

 

Recommended Fix: Update/Add CA Certificates
If you’re using Python in Docker, it likely doesn’t have the root CA certs installed by default — especially in lightweight base images like python:3.x-slim.

Fix for Debian/Ubuntu-based containers:
Add the CA certificates to your image:

dockerfile..

FROM python:3.11-slim

# Install CA certificates
RUN apt-get update && apt-get install -y ca-certificates curl && update-ca-certificates

# Install your Python dependencies
COPY requirements.txt .
RUN pip install -r requirements.txt

# Your app setup
COPY . /app
WORKDIR /app
CMD ["python", "main.py"]

 

 

Optional (for Python SSL in code): Use certifi
If your code is using requests, you can enforce cert verification with certifi's CA bundle:

import requests
import certifi

response = requests.get(
    "https://pop-store-sit.myshopify.com/admin/api/2024-01/webhooks.json",
    headers={"X-Shopify-Access-Token": "your-access-token"},
    verify=certifi.where()
)

This ensures that even if your system CA bundle is broken or missing, Python can verify the cert via certifi.

 

 

 

Don’t Do:
Avoid turning off SSL verification (verify=False in requests) — that introduces major security risks and is not acceptable in production.

 

 

 

TL;DR Fix Summary:
. Install ca-certificates inside your Docker container

. Use certifi in Python to ensure up-to-date root CAs

. Rebuild and redeploy your container

 

 

 

Thank you 😊

Was I helpful?

Buy me a coffee


APPS BY US :

Professional Customer Accounts APP


Want to modify or custom changes or bug fix on store . Or Need help with your store? Or -Want Complete Storefront
Email me -Goldi184507@gmail.com - Skype: live:.cid.819bad8ddb52736c -Whatsapp: +919317950519
Checkout Some Free Sections Here
2,052 Views
1 Like
Report
In response to goldi07

ShipAware
Tourist
7 0 8
‎05-09-2025 07:18 AM

Thanks. Confirmed adding update-ca-certificates and ca-certificates to my Dockerfile worked.
certifi was still at 2025.1.31 and wasn't working before this Dockerfile addition.

1,004 Views
0 Likes
Report

Flowsist
Visitor
1 0 0
‎04-30-2025 01:34 PM

Same issue. 

2,009 Views
0 Likes
Report

ZK-PB
Shopify Partner
4 0 0
‎04-30-2025 06:48 PM

Same issue here. Just started popping up in the last 48 hours and we haven't changed anything. Our code environment is in Google Cloud Run.

1,963 Views
0 Likes
Report

hsyyid
Shopify Partner
1 0 0
‎04-30-2025 07:06 PM

same here, started within last 24 hours looks like

1,949 Views
0 Likes
Report

Serzholino
Visitor
2 0 6
‎05-01-2025 07:59 AM

This is related to release of new 'certifi' python package which holds CA certificates. Reverting to the previous version helped in our case. 
“pip install certifi==2025.1.31” or pin this version in requirements.txt

1,890 Views
5 Likes
Report
In response to Serzholino

API_services
Shopify Partner
1 0 0
‎05-02-2025 10:44 AM

Thank you!!

1,680 Views
0 Likes
Report

Havik
Excursionist
16 3 8
‎05-01-2025 08:55 PM

We have the same issues as well. We have a Python script that is running that suddenly broke and we have been tirelessly try to find a solution for it. We actually put another proxy but it seems to not be working. At this point, I wonder if this is Shopify specific issue or something else entirely. Any of the those replied here have the similar dev environment as us. 

Our enviroment,
Python 3.8 (bump it to Python latest 3.13)
Shopify Admin API 2024-10 ver

Google Kubernetes Engine

1,806 Views
0 Likes
Report
In response to Havik

Serzholino
Visitor
2 0 6
‎05-02-2025 03:03 AM

As I wrote before this was triggered by new release of cerfifi package. https://github.com/certifi/python-certifi/issues/349

It seems that they did nothing wrong with this release, but it revealed bugs in another services.
Snowflake was affected, but they already released new version of their python connector with the fix.

Also Cloudflare is affected and consequently all the sites behind it (Shopify included). Cloudflare is aware of this issue and working on the fix.

Workaround for now is to downgrade certifi version to 2025.1.31

1,753 Views
1 Like
Report
In response to Serzholino

Havik
Excursionist
16 3 8
‎05-02-2025 03:41 AM

Yeah, I saw your post after I post my reply up. Also have read thru the issue page on it on Certifi GH. It was just that simple and straightforward of a patch 🤡 . Really pissed that Shopify didn't attempted to give a good response to our emails ( all response reads like an AI would spit out ) thus all this wild goose chase. 

We are pinning our Certifi version to `2025.1.31` until there's further development on the issue.

Anyways, thanks for your post. Got a like from me.

1,735 Views
1 Like
Report

Community Blog Articles

441285313-63bbef53-3fbe-4e8b-a706-5b37afa90468.png
Automate store operations with Shopify Academy & Coding with Jan

Learn how to build powerful custom workflows in Shopify Flow with expert guidance from ...

By Jacqui May 7, 2025
April.jpg
Highlighting our Members of April '25

Did You Know? May is named after Maia, the Roman goddess of growth and flourishing! ...

By JasonH May 2, 2025
page_thumb_partner.jpg
Enhance a brand’s visibility with Shopify Academy's new SEO resources

Discover opportunities to improve SEO with new guidance available from Shopify’s growth...

By Jacqui May 1, 2025
Terms of Service Privacy Policy