Getting the above while running the crewai code
This is an issue with not being able to validate the certificate.
The issue can be on serper.dev’s side; they may have an expired certificate. Alternatively, the local certificate store used by Python may not contain the root certificate authority they signed their certificate with.
Lastly, someone is tampering with the connection and is creating rogue certificates as part of a Man-In-The-Middle (MITM) attack.
Solution Steps
Export the Corporate Root Certificate
Visit any secure website (e.g., https://www.google.com) using your corporate browser.
Click the lock icon → View Certificate.
Find and export the root certificate in .crt (DER-encoded) format.
Example filename: Corp-Root-CA.crt
Convert .crt to .pem (Optional but Recommended)
If your certificate is in .crt (binary DER) format, convert it to .pem (Base64):
Using OpenSSL (Installed via Chocolatey)
openssl x509 -inform DER -in Corp-Root-CA.crt -out Corp-Root-CA.pem
Now you have a Corp-Root-CA.pem file that’s compatible with certifi.
Locate Python’s certifi CA Bundle
Find where Python stores the CA bundle used by requests:
import certifi
print(certifi.where())
You’ll get something like:
C:\Users\YourName\AppData\Local\Programs\Python\Python39\Lib\site-packages\certifi\cacert.pem
Append the Corporate Certificate to certifi
Open the cacert.pem file in a text editor (like VS Code or Notepad++).
Copy and append the contents of your Corp-Root-CA.pem file at the end.
Save the file.
Set the REQUESTS_CA_BUNDLE Environment Variable
Tell Python to always use your updated CA bundle from the “.env” file.
REQUESTS_CA_BUNDLE=C:\Path\To\Your\Python\Lib\site-packages\certifi\cacert.pem
Verify It Works
Now your requests should succeed without extra parameters:
import requests
response = requests.get("https://www.google.com")
print(response.status_code)
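A scripted variant of the steps above, as an added example that is not part of the original post: it checks the exported root against a SHA-256 fingerprint before trusting it, and writes a separate combined bundle instead of editing certifi's `cacert.pem` in place. The function names, the output path and the idea of an out-of-band fingerprint are assumptions of this example.

```python
import hashlib
import re
import ssl
from pathlib import Path

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)


def load_cert_der(path):
    """Return the certificate stored at path as DER bytes (PEM or DER input)."""
    raw = Path(path).read_bytes()
    match = PEM_RE.search(raw.decode("latin-1"))
    return ssl.PEM_cert_to_DER_cert(match.group(0)) if match else raw


def sha256_fingerprint(der):
    """Lowercase hex SHA-256 over the DER encoding."""
    return hashlib.sha256(der).hexdigest()


def build_bundle(base_bundle, corp_cert, out_bundle, expected_sha256):
    """Write base_bundle plus corp_cert to out_bundle.

    Returns True if the certificate was appended, False if the base bundle
    already contained it. Raises ValueError on a fingerprint mismatch.
    """
    der = load_cert_der(corp_cert)
    actual = sha256_fingerprint(der)
    # Assumption: expected_sha256 was obtained out of band (for example from
    # the team that runs the corporate PKI), not over the same connection.
    if actual != expected_sha256.replace(":", "").lower():
        raise ValueError(f"fingerprint mismatch, got {actual}")

    base = Path(base_bundle).read_text(encoding="utf-8")
    already = {ssl.PEM_cert_to_DER_cert(p) for p in PEM_RE.findall(base)}
    added = der not in already
    text = base.rstrip("\n") + "\n"
    if added:
        text += "\n# Corporate root CA (appended locally)\n"
        text += ssl.DER_cert_to_PEM_cert(der)
    # Separate output file: certifi's own cacert.pem stays unmodified and
    # a certifi upgrade does not silently drop the corporate root.
    Path(out_bundle).write_text(text, encoding="utf-8")
    return added
```

Call it with `certifi.where()` as `base_bundle`, then point `REQUESTS_CA_BUNDLE` at the output file rather than at certifi's own `cacert.pem`.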