Android Raspberry 请求 api 失败 iOS 请求成功【ssl 证书配置问题】

好几个月之前，我用 node.js 部署了一个 api，然后用树莓派 python 调用竟然失败了，没找到原因，就搁置了

最近写 React Native 项目
同一个 api https://hongweizhu.com:3000/x_mood
Android 模拟器和真机请求失败
iOS 及模拟器请求成功
Postman 请求成功
Raspberry 请求失败（但是跳过 SSL 证书验证可以请求成功，用的阿里云申请的免费证书）

import requests

url = 'https://hongweizhu.com:3000/x_mood'

# 根据实际情况构造请求体，这里是一个示例
payload = {
    'title': '今日心情',
    'mood': '开心',
    'content': '今天阳光明媚，心情很好。',
}

# 如果需要身份验证或 token，可以在 headers 中添加
headers = {
    'Content-Type': 'application/json',
    # 'Authorization': 'Bearer YOUR_TOKEN_HERE',  # 如有需要
}

# 添加 verify=False 来跳过 SSL 证书验证
response = requests.post(url, json=payload, headers=headers, verify=False)

# 打印响应内容
print(f'Status code: {response.status_code}')
try:
    print('Response:', response.json())
except Exception as e:
    print('Response text:', response.text)
    print('Error parsing JSON:', e)

pi@raspberrypi:~/test $ sudo python3 test_api.py 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 705, in urlopen
    httplib_response = self._make_request(
                       ^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 388, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 1050, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 414, in connect
    self.sock = ssl_wrap_socket(
                ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 449, in ssl_wrap_socket
    ssl_sock = _ssl_wrap_socket_impl(
               ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 493, in _ssl_wrap_socket_impl
    return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/ssl.py", line 517, in wrap_socket
    return self.sslsocket_class._create(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/ssl.py", line 1108, in _create
    self.do_handshake()
  File "/usr/lib/python3.11/ssl.py", line 1379, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 489, in send
    resp = conn.urlopen(
           ^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 789, in urlopen
    retries = retries.increment(
              ^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 594, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='hongweizhu.com', port=3000): Max retries exceeded with url: /x_mooood_note (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/pi/test/test_api.py", line 19, in <module>
    response = requests.post(url, json=payload, headers=headers, verify=True)
               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/api.py", line 115, in post
    return request("post", url, data=data, json=json, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
        ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/requests/adapters.py", line 563, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='hongweizhu.com', port=3000): Max retries exceeded with url: /x_mooood_note (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)')))
pi@raspberrypi:~/test $ 

然后把 apche 配置 ssl 的部分发给 AI

		#   SSL Engine Switch:
		#   Enable/Disable SSL for this virtual host.
		SSLEngine on

		#   A self-signed (snakeoil) certificate can be created by installing
		#   the ssl-cert package. See
		#   /usr/share/doc/apache2/README.Debian.gz for more info.
		#   If both key and certificate are stored in the same file, only the
		#   SSLCertificateFile directive is needed.
		# SSLCertificateFile	/etc/ssl/certs/ssl-cert-snakeoil.pem
		# SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
		SSLCertificateFile /etc/apache2/ssl/hongweizhu.com_public.crt
		SSLCertificateKeyFile /etc/apache2/ssl/hongweizhu.com.key

没有设置中间证书链（SSLCertificateChainFile）

没有配置 chain.crt 哈哈哈哈哈
以前我想过，怎么申请的证书解压后有 3 个文件
而 apache 示例代码只给了两个，之前就配置了两条，web 浏览器，iOS 用没问题，就没管第三个文件

https://www.ssllabs.com/index.html

直到现在树莓派请求失败，android 请求失败。。。。。。

就这样吧，哈哈哈哈哈

希望对你有些帮助。

有错误或者疑问留言。

我的个人网站 点击访问 hongweizhu.com。

END

推荐一下我写的的 App 熊猫小账本，里面有用到这篇博客讲的内容

熊猫小账本 一个简洁的记账 App，用于记录日常消费开支收入，使用 iCloud 保存同步数据。

• 支持备注，自定义时间偶尔忘记记账也没关系。
• 搜索历史记账，支持分类、金额、备注。
• 启动时需要面容/指纹验证，保护个人隐私。
• 支持自定义分类功能，自由添加修改分类。
• 统计图表，支出收入一目了然。
• 每天提醒记账，不会有其他推送。
• 桌面锁屏小组件等。

点击了解更多详情 👀