Skip to content

How to resolve ClientConnectorCertificateError? #13640

New issue
New issue
Open
Open
How to resolve ClientConnectorCertificateError?#13640
Labels
priority: p2Moderately-important priority. Fix may not be included in next release.samplesIssues that are directly related to samples.triage meI really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.
@jshen130

Description

@jshen130
jshen130
opened on Nov 20, 2025

Thanks for stopping by to let us know something could be better!

PLEASE READ: If you have a support contract with Google, please create an issue in the support console instead of filing on GitHub. This will ensure a timely response.

The issue you're having must be related to a file in this repository. We are unable to provide assistance for issues unrelated to samples in this repository.

Please include as much information as possible:

In which file did you encounter the issue?

cloud-sql/mysql/sqlalchemy/connect_connector.py

Did you change the file? If so, how?

No

Describe the issue

When following the local run instructions and executing python app.py, I get the error:
aiohttp.client_exceptions.ClientConnectorCertificateError: Cannot connect to host sqladmin.googleapis.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)')]

I followed the setup instructions as follows:

  1. If you haven't already, set up a Python Development Environment by following the python setup guide and create a project.
  • installed the python, venv, google-cloud-storage, gcloud cli
  • created a project
  1. Create a 2nd Gen Cloud SQL Instance by following these instructions. Note the connection string, database user, and database password that you create.
  • created a MySQL instance with private IP connection
  • connection string was obtained from the "Connection name" field in the instance overview
  • database user was the default 'root' user
  • database password was the generated password for 'root' user
  1. Create a database for your application by following these instructions. Note the database name.
  • created a database
  • database name is the name of the database
  1. Create a service account with the 'Cloud SQL Client' permissions by following these instructions. Download a JSON key to use to authenticate your connection.
  • created a service account through "IAM & Admin" > "Service Accounts" > "+ Create service account" with 'Cloud SQL Client' permissions and 'Cloud SQL Instance User' permissions
  • added this service account to my SQL instance in "Cloud SQL" > "Users" > "+ Add user account" > "Cloud IAM"
  • downloaded the key from the service account "Keys" tab > "Add key"

Debugging attempts:
I updated openssl, certifi, urllib3 but these client side certificates were not the issue. Is there a problem with my setup of SQL instance, service account, etc?

Making sure to follow these steps will guarantee the quickest resolution possible.

Thanks!

Metadata

Metadata

Assignees

No one assigned

    Labels

    priority: p2Moderately-important priority. Fix may not be included in next release.samplesIssues that are directly related to samples.triage meI really want to be triaged.type: bugError or flaw in code with unintended results or allowing sub-optimal usage patterns.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions