If you are behind a proxy that breaks SSL (basically it does a man-in-the-middle attack, hopefully with your consent, typically for deep inspection) you may need to tell
pip to use the system certificate store (presuming that trusts the proxy’s certificate), rather than its embedded one, via the
PIP_CERT environment variable.
# Force pip to use the system certificates instead of its own bundle. # Necessary if behind a proxy that breaks end-to-end SSL. if [ -f /etc/debian_version ] then export PIP_CERT=/etc/ssl/certs/ca-certificates.crt elif [ -f /etc/redhat-release ] then export PIP_CERT=/etc/ssl/certs/ca-bundle.crt else echo "Unsupported distribution, unable to set PIP_CERT correctly." >&2 fi