OctoPrint 1.3.11 Update Fails to Install

Latest OctoPrint 1.3.11 Update Fails Via Web Interface. I'm currently running 1.3.10 OctoPrint and OctoPi Version 0.15.1, running on Raspberry Pi 3 Model B Rev 1.2

All I've tried to do is restart the Raspberry Pi

I've attached the required logs, and have pasted in the messages I get when trying to update. I don't have a clue other than some sort of certificate error or it seems like maybe PIP needs updated?

octoprint.log (31.4 KB)
plugin_softwareupdate_console.log (9.4 KB)

Text while updating:

Updating, please wait.
++++++++++++++++++++++++++++++++
Now updating OctoPrint to 1.3.11
++++++++++++++++++++++++++++++++
/home/pi/oprint/bin/python2 -m pip install https://github.com/foosel/OctoPrint/archive/1.3.11.zip --no-cache-dir
Collecting https://github.com/foosel/OctoPrint/archive/1.3.11.zip
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)': /foosel/OctoPrint/zip/1.3.11
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)': /foosel/OctoPrint/zip/1.3.11
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)': /foosel/OctoPrint/zip/1.3.11
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)': /foosel/OctoPrint/zip/1.3.11
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),)': /foosel/OctoPrint/zip/1.3.11
Exception:
Traceback (most recent call last):
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/basecommand.py", line 215, in main
status = self.run(options, args)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/commands/install.py", line 324, in run
requirement_set.prepare_files(finder)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/req/req_set.py", line 380, in prepare_files
ignore_dependencies=self.ignore_dependencies))
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/req/req_set.py", line 620, in _prepare_file
session=self.session, hashes=hashes)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/download.py", line 821, in unpack_url
hashes=hashes
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/download.py", line 659, in unpack_http_url
hashes)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/download.py", line 853, in _download_http_url
stream=True,
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 521, in get
return self.request('GET', url, **kwargs)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/download.py", line 386, in request
return super(PipSession, self).request(method, url, *args, **kwargs)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 640, in send
history = [resp for resp in gen] if allow_redirects else []
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 218, in resolve_redirects
**adapter_kwargs
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/home/pi/oprint/local/lib/python2.7/site-packages/pip/_vendor/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='codeload.github.com', port=443): Max retries exceeded with url: /foosel/OctoPrint/zip/1.3.11 (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),))
You are using pip version 9.0.3, however version 19.1.1 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
The update did not finish successfully. Please consult octoprint.log and plugin_softwareupdate_console.log for details.

That's weird. You are familiar with the shell? Try connecting to it manually:

curl -D - https://github.com/foosel/OctoPrint/

You can try this:

sudo apt update && sudo install -y ca-certificates python-certifi

and then run the update in OctoPrint.

Tedder42, thanks for the reply. I am familiar with the shell and will be happy to try this as soon as a ten hour print stops I just started. What does this do?
curl -D - https://github.com/foosel/OctoPrint/
and,
Is the word "certifi correct"?
sudo apt update && sudo install -y ca-certificates python-certifi

I forgot to mention and don't' know if it matters but I am running Pi-Hole DNS server to block ads. Maybe its blocking something to do with the certificate?

I think you've found the problem: PiHole.

DNS-based ad blockers redirect things from one place to another. And then the various hashes don't line up and it looks like some other sort of error.

Thanks OutsourcedGuru, When my print finishes, that's one of the first things I will try, I can temporarily disable it as a test. When I posted this, I brainfarted and forgot all about my Pi-Hole blocker. Pi-Hole is one of the best things for a home network since the internet began! But, it's so easy to forget about it since it just works. If anyone knows what I might add to the whitelist related to OctoPrint, let me know.

Well, follow that link and read the thread.

Sorry didn't notice your link to "Pi-Hole" just thought it was one of those auto created links. After reading the notes the link took me to I added codeload.github.com to my Pi-hole whitelist and OctoPrint updated successfully. Thanks for the help and I should have done more research before posting and wasting everyone's time. Here is hopefully a valid related question: what would I gain to update OctoPi from 0.15.1 to 0.16.0?

The biggest difference between the OctoPi imags 0.15.1 and 0.16.0 is the underlying Raspbian operating system itself. The latter has the Nov 2018 version and the former has the Jun 2018 version. It's mandatory for anyone with a newer Pi like an A+ or a 3B+, for example. It probably has some bug fixes and more driver support for peripherals, I'd guess. I'm not sure if foosel/guy have added much to the image otherwise in changes.

You could, though, use software like ApplePi-Baker to backup your microSD before and then run:

sudo apt-get update
sudo apt-get -y upgrade

...and let that run for a while. After a reboot you'd then have much of what 0.16.0 could have given you.

Others would say that the second command would be sudo apt-get dist-upgrade but I disagree. What if 23 days from now the Raspberry Pi Foundation comes up with Raspbian Wookie Lite as an available-and-untested major version and you accidentally upgraded to that?

OutsourcedGuru, thanks for the great explanation. I think I'll do it. I do have a 3B+ and I have a camera, relays, extra lighting, filament sensors and other things that aren't "out of the box". I use windows and use something called WinImage to make my backups of the SD card which works well and I've even changed SD cards this way when larger sizes were needed. I will stick to your method and agree about the "what if 23..."

Not sure if it is because I run all my home traffic through a VPN, but I needed the python-certifi package. Thanks for the suggestion.

I innocently clicked on the Update icon in octoprint to bring all plugins to date.

Now I'm expected to go and pip install some previous version of numpy, etc...

There must be a better way to release software