AWS CLI install with homebrew keep error with [SSL: CERTIFICATE_VERIFY_FAILED]

Question

My system is M1 Mac with macOS 12.3.1 and aws cli install via homebrew when tried to run aws s3 ls it keep error with SSL validation failed for https://s3.{awsregion}.amazonaws.com/ [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)

I've check python3 SSL path with command python3 -c 'import ssl; print(ssl.get_default_verify_paths())' result is DefaultVerifyPaths(cafile='/opt/homebrew/etc/[email protected]/cert.pem', capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/opt/homebrew/etc/[email protected]/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/opt/homebrew/etc/[email protected]/certs')

which means it uses brew install version of [email protected] and python3 also uses brew install version [email protected] location is /opt/homebrew/bin/python3

I've tried reinstalling awscli, [email protected], and also [email protected] then also tried to

1. Uninstall Python3 from brew
2. Install Python with the installer from Python website
3. Execute Install Certificates.command in the Python folder
4. Uninstall Python
5. Install [email protected] from brew

also gave me the same error.

Here little information about my system

• M1 Mac - MacOS 12.3.1
• Python3 - brew [email protected] (3.9.12)
• OpenSSL - brew [email protected] (1.1.1n)
• AWS CLI - brew awscli (2.6.0)
• Xcode CLT - 13.3.1.0.1.1648687083
• Clang - 13.1.6 build 1316

Does anyone have any idea about this issue? Thank you in advance.

Answer 1

Set the AWS_CA_BUNDLE environmental variable to the cert.pem file from Mozilla (available in formulae "ca-certificates") like so:

export AWS_CA_BUNDLE=$HOMEBREW_PREFIX/etc/ca-certificates/cert.pem