Python Error SSL: CERTIFICATE_VERIFY_FAILED] with SSL requests

Hi there @perzanowski.4,

Looking at the files you provided, if you want to use HTTPS the following will work

  1. Update your docker-compose.yml file as follows
asset-server:
    restart: unless-stopped
    image: specifyconsortium/specify-asset-service
    container_name: asset-server
    init: true
    volumes:
      - "attachments:/home/specify/attachments"
      - "./web_asset_store.xml:/home/specify/web_asset_store.xml"
    environment:
      - SERVER_NAME=${ASSET_SERVER_URL}
      - SERVER_PORT=443
      - ATTACHMENT_KEY=${ASSET_SERVER_KEY}
      - DEBUG_MODE=false
  1. You will need to ammend the default web_asset_store.xml from http to https. You can simply copy and paste the snippet below:
<?xml version="1.0" encoding="UTF-8"?>
<urls>
    <url type="read"><![CDATA[https://{{host}}/fileget]]></url>
    <url type="write"><![CDATA[https://{{host}}/fileupload]]></url>
    <url type="delete"><![CDATA[https://{{host}}/filedelete]]></url>
    <url type="getmetadata"><![CDATA[https://{{host}}/getmetadata]]></url>
    <url type="testkey">https://{{host}}/testkey</url>
</urls>

  1. Lastly, in your nginx.conf you didnt include any listening section for Port 443. Not sure how you are referencing your certificate, but here is a snippet of my configuration file that should give you some help
server {
    listen 80;
    server_name specify.institute.ac.za;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name specify.institute.ac.za;

    # access_log off;
    # error_log off;
    ssl_certificate /etc/letsencrypt/live/specify.institute.ac.za/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/specify.institute.ac.za/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # serve static files directly
    location /static/ {
        root /volumes;
        rewrite ^/static/config/(.*)$ /specify6/config/$1 break;
        rewrite ^/static/depository/(.*)$ /static-files/depository/$1 break;
        rewrite ^/static/(.*)$ /static-files/frontend-static/$1 break;
    }

    # proxy these urls to the asset server
    location ~ ^/(fileget|fileupload|filedelete|getmetadata|testkey|web_asset_store.xml) {
        client_max_body_size 0;
        resolver 127.0.0.11 valid=30s;
        set $backend "http://asset-server:8080";
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # proxy everything else to specify 7
    location / {
        resolver 127.0.0.11 valid=30s;
        set $backend "http://specify7:8000";
        proxy_pass $backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

Shout if you still struggling and i can assist in bundling letsencrypt for automatic certificate handling.