I have question regarding self-signed certificates. I would like to extract data from our self-hosted Jira instance. When I test the https://hub.meltano.com/extractors/tap-jira--singer-io/ extractor, I get an error - which I assume is from our self-signed certificate.

➜ meltano config tap-jira test
2024-06-28T13:33:54.838450Z [info     ] The default environment 'dev' will be ignored for `meltano config`. To configure a specific environment, please use the option `--environment=<environment name>`.
Need help fixing this problem? Visit <http://melta.no/> for troubleshooting steps, or to
join our friendly Slack community.

Plugin configuration is invalid
Catalog discovery failed: command ['/home/max/dev/qxvp/mx-dev-analytics/.meltano/extractors/tap-jira/venv/bin/tap-jira', '--config', '/home/max/dev/qxvp/mx-dev-analytics/.meltano/run/tap-jira/tap.0266228f-62d0-4f40-9f8c-f3f612878413.config.json', '--discover'] returned 1 with stderr:
 INFO Using Basic Auth API authentication
INFO Backing off send(...) for 1.0s (requests.exceptions.SSLError: HTTPSConnectionPool(host='jira.frequentis.com', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)'))))
...
requests.exceptions.SSLError: HTTPSConnectionPool(host='jira.redacted.com', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)')))

probably a self sign cert would be my guess, but I'd verify that cert at jira.frequentis.com:443 and ask someone to sign it properly. Or add the self signed cert to your local trusted ca's https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification , normally you can do this at the OS level but just pick whatever is easiest for you. If you're just fed up you can go fork tap_jira and see https://requests.readthedocs.io/en/latest/user/advanced/#ssl-cert-verification:~:text=requests.get(%2[…]3A//kennethreitz.org%27%2C%20verify%3DFalse)

It is probably the self signed certificate. Before I started with Meltano I lost half a day to get that working with Jupyter Notebooks. The Jupyter notebooks use requests as an HTTP client library. I was able to configure this with an environment variable

REQUESTS_CA_BUNDLE

to the certification file. I just digged through the Python code and tap-jira uses the

urllib3

. For some reason, none of the Python libraries did pick up the slef signed certificate.

You can add that to the meltano.yml pip_url if you share that we can help show you how. Also making an issue in tap-jira and posting what you dove into will definietly help someone and maybe even we can upstream this. Seems environment specefic though