dify The .env file was modified to add HTTP_REQUEST_NODE_SSL_VERIFY=False, but when adding an HTTPS model interface to the OpenAI-API-compatible model provider, an SSL verification error still occurs.

Self Checks

[x] This is only for bug report, if you would like to ask a question, please head to Discussions.
[x] I have searched for existing issues search for existing issues, including closed ones.
[x] I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
[x] [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
[x] Please do not modify this template :) and fill in all the required fields.

Dify version

1.1.0

Cloud or Self Hosted

Self Hosted (Source)

Steps to reproduce

The .env file was modified to add HTTP_REQUEST_NODE_SSL_VERIFY=False, but when adding an HTTPS model interface to the OpenAI-API-compatible model provider, an SSL verification error still occurs.

✔️ Expected Behavior

No response

❌ Actual Behavior

No response

Mar 20 '25 01:03 peterliang5678

I found two similar discussions that might be relevant to your issue:

Caused by SSLError(SSLCertVerificationError - This discussion is still open and might contain useful insights regarding SSL verification errors ^[1].
How to ignore HTTPS certificate verification for HTTP nodes? - This discussion is also open and addresses how to bypass SSL certificate verification ^[2].

Regarding your issue, ensure that the HTTP_REQUEST_NODE_SSL_VERIFY environment variable is correctly set to False in your configuration. This variable is used to control SSL verification in the Dify codebase, specifically in the httpx.Client initialization. If the error persists, double-check that the environment variable is being correctly loaded and applied in your application setup ^[3].

To continue talking to Dosu, mention @dosu.

^{Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Bug Report | Other}

Mar 20 '25 01:03 dosubot[bot]

Same here, version: 1.0.1 It seems to be some bug in plugin_daemon service? But I still got same error after i added certificate files in API,web and plugin_daemon

Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))

Mar 20 '25 03:03 sylcjl

Same, version 1.1.3 What's more, it work fine last night, but in this morning, it happened suddenly, without any action. I searched the keyword "SSL" in the config ".env" , all the value is "False".

3.28 update: after docker compose down and compose up -d , it worked again, and I don't know why

Mar 27 '25 01:03 zhangchievil

version 1.1.3

error info: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1010)

Docker api error log: [ssrf_proxy.py:74] - Request to URL https://xxxxx failed on attempt 1: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1010)

Mar 27 '25 05:03 fqyy365t

Dear Team,

I have identified the potential cause of the issue. In the file api/core/helper/ssrf_proxy.py on lines 59 and 60, the httpx.HTTPTransport class appears to define its own verify parameter. This seems to conflict with the verify parameter of the httpx.Client, causing it to fail. To address this, the following modification can be made:

proxy_mounts = {
    "http://": httpx.HTTPTransport(proxy=dify_config.SSRF_PROXY_HTTP_URL, verify=HTTP_REQUEST_NODE_SSL_VERIFY),
    "https://": httpx.HTTPTransport(proxy=dify_config.SSRF_PROXY_HTTPS_URL, verify=HTTP_REQUEST_NODE_SSL_VERIFY),
}

This replaces the original configuration, which lacked the explicit verify parameter. After making this change, restart the container using the command docker restart docker-api-1. This solution has resolved the issue for now. However, further optimization may be necessary in future versions to ensure long-term stability.

Apr 01 '25 02:04 luccfighting

In my case this issue is due to the plugin library has HTTPS verify in the requests package.

I modify the code of session.py in /home/dify/docker/volumes/plugin_daemon/cwd/langgenius/openai_api_compatible-0.0.11@410445eba2fa0f693d26dea2c3b9ffe51ad0777e021146ff877af6098412efc7/.venv/lib/python3.12/site-packages/requests

self.verify = False

Apr 07 '25 01:04 xuchenCN

.ENV config ssl_verify =false, The plugin is not effective

Aug 22 '25 03:08 lzzzzzzzzz