Getting CERTIFICATE_VERIFY_FAILED when using Shotgun Desktop on a local Shotgun site


When using a local install of Shotgun, this error can arise in two scenarios:

  1. when logging in Shotgun Desktop
  2. when downloading media from the Toolkit AppStore

This problem usually arises because you’ve configured your local site to use HTTPS, but you haven’t configured Toolkit so that the certificate authority (known as CA from here on out) that you’ve used to sign your local site’s certificate is recognized.

To solve this issue, need to provide a file to the Shotgun API that contains the list of all valid CAs, including your own. We usually recommend that people download a fresh copy of this file from Python’s certifi package as a starting point and then add their own CA at the end of the file. Then, save that file in a location all your users can access. Finally, on each computer, set the SHOTGUN_API_CACERTS environment variable to the full path to that file, for example /path/to/my/ca/file.pem.

Doing this should solve any CERTIFICATE_VERIFY_FAILED errors you are getting with your local site. Note that if you are able to connect to your Shotgun site, but are still unable to download updates from the Toolkit AppStore, that’s likely because you are missing the Amazon CAs in your .pem file. This usually happens if you’ve started from an empty file and only added your custom CAs instead of starting from something like the file we’ve linked to above.

Note that this information only applies to local installs. If you have a hosted site and are experiencing this error, if it’s happening on Windows, take a look at this forum post. If it’s happening on a different OS, take a look at this document.

If you still encounter this issue with your local site, or if you encounter it with your hosted site, do not hesitate to reach out here or through

Have a nice day!