pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

Q: How do I prevent pip:SSL_MODULE_NOT_AVAILABLE in CI?

Avoid custom-building Python for production unless you manage its SSL dependencies carefully. Standardize Python distributions across dev/CI. Keep OpenSSL and Python updated to receive security fixes and modern TLS defaults.

Q: How can I manually validate pip:SSL_MODULE_NOT_AVAILABLE?

Test SSL import: `python -c 'import ssl; print(ssl.OPENSSL_VERSION)'`. Confirm which Python is active: `python -c 'import sys; print(sys.executable)'`. If you built Python yourself, inspect how OpenSSL was linked/packaged.

Fix it fast

Most likely: The active Python runtime cannot import ssl, so pip cannot make HTTPS requests at all. This is a broken Python build/runtime, not a normal certificate trust error.

1. Confirm this is your error

WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: ... (Caused by SSLError("Can't connect to HTTPS URL because the SSL module is not available.")) - skipping

2. Check the cause

python -c 'import sys; print(sys.executable)'
python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
python -m pip --version

3. Apply the safe fix

# Preferred: switch to or reinstall a Python distribution that includes SSL support.
python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
python -m pip install --upgrade pip

# If you compile Python yourself on Debian/Ubuntu, install SSL build dependencies first, then rebuild Python.
sudo apt install build-essential libssl-dev zlib1g-dev

# After reinstalling or rebuilding Python, recreate the project venv.
python -m venv .venv
. .venv/bin/activate
python -m pip install --upgrade pip

4. Verify it works

python -c 'import ssl; print(ssl.OPENSSL_VERSION)'
python -m pip install <package>

Don't use unsafe shortcuts

Do not try to fix this with --trusted-host, cert, cafile, or certificate files. Python is missing SSL support.
Do not switch package indexes to plain HTTP as a workaround.
Do not keep using the broken Python runtime in CI, replace the image or rebuild Python with SSL support.

Where the Request Failed

Your Python was built or installed without SSL support, so pip cannot make HTTPS requests to package indexes like PyPI.

Use a Python build with SSL support

Reinstall Python from a trusted distribution that includes SSL support (system Python, python.org installers, or a well-supported env manager).

If compiling Python, install OpenSSL dev dependencies first, then rebuild Python so the ssl module is built.

After fixing Python, upgrade pip:python -m pip install --upgrade pip

Retry the original pip install command.

Prove the Failing Environment Can Reach It

Run python -c 'import ssl; print(ssl.OPENSSL_VERSION)' and confirm it succeeds, and run python -m pip install <package> and confirm pip can reach HTTPS indexes.

Check the active Python runtime

Test SSL import:python -c 'import ssl; print(ssl.OPENSSL_VERSION)'

Confirm which Python is active:python -c 'import sys; print(sys.executable)'

If you built Python yourself, inspect how OpenSSL was linked/packaged.

Why This Environment Blocks the Change

Usually this comes down to python was compiled without OpenSSL development libraries available, so _ssl/ssl wasn't built, a custom Python distribution is missing SSL runtime dependencies, or the environment is misconfigured (wrong dynamic libraries, broken OpenSSL install).

Why pip needs the Python ssl module

This is the part worth understanding if the quick fix did not hold. It explains what pip is trying to do at the moment the error appears.

pip downloads packages over HTTPS from indexes (PyPI, mirrors, private registries). HTTPS support in Python relies on the built-in ssl module, which depends on OpenSSL (or another TLS backend) being present at build/runtime.

If import ssl fails, pip cannot securely connect to package sources.

Prevent Repeat Connectivity Failures

To prevent this, avoid custom-building Python for production unless you manage its SSL dependencies carefully, standardize Python distributions across dev/CI, and keep OpenSSL and Python updated to receive security fixes and modern TLS defaults.

Docs and source code

github.com/pypa/pip/blob/25.3/src/pip/_internal/models/search_scope.py

pip warns about missing TLS support when it detects ssl/TLS is unavailable, but you have HTTPS index URLs configured. - GitHub

        # If we don't have TLS enabled, then WARN if anyplace we're looking
        # relies on TLS.
        if not has_tls():
            for link in itertools.chain(index_urls, built_find_links):
                parsed = urllib.parse.urlparse(link)
                if parsed.scheme == "https":
                    logger.warning(
                        "pip is configured with locations that require "
                        "TLS/SSL, however the ssl module in Python is not "
                        "available."
                    )
                    break