github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 19:38:46 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #23503] issue: Openwebui ignores AIOHTTP_CLIENT_SESSION_SSL for ollama models management #35531

New Issue
Closed
opened 2026-04-25 09:44:17 -05:00 by GiteaMirror · 2 comments
GiteaMirror commented 2026-04-25 09:44:17 -05:00
Owner
Copy Link

Originally created by @orKL3mlz on GitHub (Apr 8, 2026).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/23503

Check Existing Issues

  • I have searched for any existing and/or related issues.
  • I have searched for any existing and/or related discussions.
  • I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!).
  • I am using the latest version of Open WebUI.

Installation Method

Docker

Open WebUI Version

v0.8.12

Ollama Version (if applicable)

0.20.3

Operating System

Debian

Browser (if applicable)

No response

Confirmation

  • I have read and followed all instructions in README.md.
  • I am using the latest version of both Open WebUI and Ollama.
  • I have included the browser console logs.
  • I have included the Docker container logs.
  • I have provided every relevant configuration, setting, and environment variable used in my setup.
  • I have clearly listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc).
  • I have documented step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation. My steps:
  • Start with the initial platform/version/OS and dependencies used,
  • Specify exact install/launch/configure commands,
  • List URLs visited, user input (incl. example values/emails/passwords if needed),
  • Describe all options and toggles enabled or changed,
  • Include any files or environmental changes,
  • Identify the expected and actual result at each stage,
  • Ensure any reasonably skilled user can follow and hit the same issue.

Expected Behavior

Openwebui should ignore self signed certificate errors if AIOHTTP_CLIENT_SESSION_SSL = False when making calls to ollama API

Actual Behavior

When trying to manage ollama models from Openwebui, and if the ollama https certificate is self-signed, setting the env variable AIOHTTP_CLIENT_SESSION_SSL = False and REQUESTS_VERIFY = False doesn't ignore certificate errors.

From web browser

Go to Admin panel > Connections > Ollama > Manage Ollama
(Makes the API call to https://openwebui.local/ollama/api/tags/0)

Steps to Reproduce

Set AIOHTTP_CLIENT_SESSION_SSL = False and REQUESTS_VERIFY = False inside .env
Configure ollama backend to use a self-signed certificate
Configure the connection inside Openwebui Ollama API endpoint : https://x.x.x.x/ollama
Save the settings and try to click manage on the same screen

Logs & Screenshots

Containers logs

ERROR | open_webui.routers.ollama:get_ollama_tags:452 - HTTPSConnectionPool(host='x.x.x.x', port=443): Max retries exceeded with url: /ollama/api/tags (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1016)')))

Additional Information

No response

Originally created by @orKL3mlz on GitHub (Apr 8, 2026). Original GitHub issue: https://github.com/open-webui/open-webui/issues/23503 ### Check Existing Issues - [x] I have searched for any existing and/or related issues. - [x] I have searched for any existing and/or related discussions. - [x] I have also searched in the CLOSED issues AND CLOSED discussions and found no related items (your issue might already be addressed on the development branch!). - [x] I am using the latest version of Open WebUI. ### Installation Method Docker ### Open WebUI Version v0.8.12 ### Ollama Version (if applicable) 0.20.3 ### Operating System Debian ### Browser (if applicable) _No response_ ### Confirmation - [x] I have read and followed all instructions in `README.md`. - [x] I am using the latest version of **both** Open WebUI and Ollama. - [x] I have included the browser console logs. - [x] I have included the Docker container logs. - [x] I have **provided every relevant configuration, setting, and environment variable used in my setup.** - [x] I have clearly **listed every relevant configuration, custom setting, environment variable, and command-line option that influences my setup** (such as Docker Compose overrides, .env values, browser settings, authentication configurations, etc). - [x] I have documented **step-by-step reproduction instructions that are precise, sequential, and leave nothing to interpretation**. My steps: - Start with the initial platform/version/OS and dependencies used, - Specify exact install/launch/configure commands, - List URLs visited, user input (incl. example values/emails/passwords if needed), - Describe all options and toggles enabled or changed, - Include any files or environmental changes, - Identify the expected and actual result at each stage, - Ensure any reasonably skilled user can follow and hit the same issue. ### Expected Behavior Openwebui should ignore self signed certificate errors if `AIOHTTP_CLIENT_SESSION_SSL = False` when making calls to ollama API ### Actual Behavior When trying to manage ollama models from Openwebui, and if the ollama https certificate is self-signed, setting the env variable `AIOHTTP_CLIENT_SESSION_SSL = False` and `REQUESTS_VERIFY = False` doesn't ignore certificate errors. ## From web browser Go to Admin panel > Connections > Ollama > Manage Ollama (Makes the API call to `https://openwebui.local/ollama/api/tags/0`) ### Steps to Reproduce Set `AIOHTTP_CLIENT_SESSION_SSL = False` and `REQUESTS_VERIFY = False` inside .env Configure ollama backend to use a self-signed certificate Configure the connection inside Openwebui `Ollama API endpoint : https://x.x.x.x/ollama` Save the settings and try to click `manage` on the same screen ### Logs & Screenshots ## Containers logs `ERROR | open_webui.routers.ollama:get_ollama_tags:452 - HTTPSConnectionPool(host='x.x.x.x', port=443): Max retries exceeded with url: /ollama/api/tags (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1016)')))` ### Additional Information _No response_
GiteaMirror added the bug label 2026-04-25 09:44:17 -05:00
GiteaMirror commented 2026-04-25 09:44:18 -05:00
Author
Owner
Copy Link

@swapnilshekade commented on GitHub (Apr 8, 2026):

Hi! I looked into this issue and it seems that the ollama model management code path might be creating aiohttp sessions without respecting AIOHTTP_CLIENT_SESSION_SSL value
I'm thinking of fixing this by centralizing the aiohttp ClientSession creation so the SSL config is applied consistently.

Does that approach sound good? If so, I can work on a PR for the same - I can take this up if no one else is been assigned for this.

<!-- gh-comment-id:4208096327 --> @swapnilshekade commented on GitHub (Apr 8, 2026): Hi! I looked into this issue and it seems that the ollama model management code path might be creating aiohttp sessions without respecting AIOHTTP_CLIENT_SESSION_SSL value I'm thinking of fixing this by centralizing the aiohttp ClientSession creation so the SSL config is applied consistently. Does that approach sound good? If so, I can work on a PR for the same - I can take this up if no one else is been assigned for this.
GiteaMirror commented 2026-04-25 09:44:19 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Apr 8, 2026):

Should be addressed in dev.

<!-- gh-comment-id:4209814945 --> @tjbck commented on GitHub (Apr 8, 2026): Should be addressed in dev.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#35531
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?