Version
Found Python version 3.10.18 (python3).
Selected out-of-process host.
Azure Functions Core Tools
Core Tools Version: 4.0.7030 Commit hash: N/A (64-bit)
Function Runtime Version: 4.1037.0.23568
[2025-08-25T17:19:29.340Z] Received WorkerInitRequest, python version 3.10.18, worker version 4.34.0
Description
Currently, when I am within a network that performs man-in-the-middle packet inspection (as many corporate environments and access points do), I do not receive clear errors indicating a certificate issue. Normally, I would expect to see an error such as failed to verify certificate: x509: certificate signed by unknown authority when a certificate needs to be added. However, when I run func start --verbose or func start, I see no related errors. This issue also extends to other functions, such as for deployment. Instead, I only saw that gRPC failed, which was confusing.
I eventually solved the issue by adding a certificate with the existing --certs command, but only after wasting a lot of time debugging. It turns out many others I know face similar issues that waste their time, and they work around it by using their home internet—where SSL inspection tools (such as Zscaler, which is commonly deployed) are not in place.
If there were clearer logging of this issue when it happens - for example, the familiar failed to verify certificate: x509: certificate signed by unknown authority error that many platforms display, including Docker (see this example) - this confusion could be avoided.
Steps to reproduce
- Be connected to a network that uses SSL Inspection (e.g., Zscaler).
- Run
func start --verbose (or func start).
- Observe that gRPC fails without any clear certificate error message.
Actual Behavior
(.venv) XXXXX@XXXXX datasources % func start --verbose
Found Python version 3.10.18 (python3).
Selected out-of-process host.
Azure Functions Core Tools
Core Tools Version: 4.0.7030 Commit hash: N/A (64-bit)
Function Runtime Version: 4.1037.0.23568
[2025-08-25T17:19:26.200Z] Building host: version spec: , startup suppressed: 'False', configuration suppressed: 'False', startup operation id: 'fe2fef2e-2fe2-f232-f23f-f23f23f2f232f2'
[2025-08-25T17:19:26.259Z] Reading host configuration file '/Users/XXXXX/Documents/rag-datasources/host.json'
[2025-08-25T17:19:26.293Z] FUNCTIONS_WORKER_RUNTIME set to python. Skipping WorkerConfig for other languages
[2025-08-25T17:19:26.300Z] Found a matching extension bundle at /Users/XXXXX/.azure-functions-core-tools/Functions/ExtensionBundles/Microsoft.Azure.Functions.ExtensionBundle/4.25.1
[2025-08-25T17:19:26.877Z] INFO: Starting Azure Functions Python Worker.
[2025-08-25T17:19:27.274Z] INFO: Successfully opened gRPC channel to 127.0.0.1:56973
[2025-08-25T17:19:29.340Z] Received WorkerInitRequest, python version 3.10.18, worker version 4.34.0
[2025-08-25T17:20:29.622Z] Requesting metadata from worker failed.
[2025-08-25T17:20:29.623Z] Microsoft.Azure.WebJobs.Script.Grpc: The operation has timed out.
[2025-08-25T17:20:56.466Z] Indexed function app and found 5 functions
...
^C[2025-08-25T17:24:15.460Z] Detaching gRPC logging due to exception.
[2025-08-25T17:24:15.686Z] python3 exited with code 130 (0x82).
Expected Behavior
(.venv) XXXXX@XXXXX datasources % func start --verbose
Found Python version 3.10.18 (python3).
Selected out-of-process host.
Azure Functions Core Tools
Core Tools Version: 4.0.7030 Commit hash: N/A (64-bit)
Function Runtime Version: 4.1037.0.23568
[2025-08-25T17:19:26.200Z] Building host: version spec: , startup suppressed: 'False'
[2025-08-25T17:19:26.259Z] Reading host configuration file '/Users/XXXXX/Documents/rag-datasources/host.json'
[2025-08-25T17:19:26.293Z] FUNCTIONS_WORKER_RUNTIME set to python
[2025-08-25T17:19:26.877Z] INFO: Starting Azure Functions Python Worker.
[2025-08-25T17:19:27.274Z] INFO: Successfully opened gRPC channel to 127.0.0.1:56973
[2025-08-25T17:19:29.340Z] Received WorkerInitRequest, python version 3.10.18, worker version 4.34.0
[2025-08-25T17:19:29.619Z] Connecting to Azure Storage...
[2025-08-25T17:19:29.801Z] **ERROR: failed to verify certificate: x509: certificate signed by unknown authority**
[2025-08-25T17:19:29.802Z] Microsoft.Azure.WebJobs.Script.Grpc: Worker failed to initialize due to certificate validation failure.
[2025-08-25T17:19:29.803Z] Hint: If you are behind an SSL inspection proxy, configure trusted root certificates or use `--certs` to provide a custom CA.
[2025-08-25T17:19:30.001Z] Host startup failed with exit code 1
After Adding --certs
(.venv) XXXXX@XXXXX datasources % func start --verbose --certs /path/to/corp-root-cert.pem
Found Python version 3.10.18 (python3).
Selected out-of-process host.
Azure Functions Core Tools
Core Tools Version: 4.0.7030 Commit hash: N/A (64-bit)
Function Runtime Version: 4.1037.0.23568
[2025-08-25T17:19:26.200Z] Building host: version spec: , startup suppressed: 'False'
[2025-08-25T17:19:26.259Z] Reading host configuration file '/Users/XXXXX/Documents/rag-datasources/host.json'
[2025-08-25T17:19:26.293Z] FUNCTIONS_WORKER_RUNTIME set to python
[2025-08-25T17:19:26.877Z] INFO: Starting Azure Functions Python Worker.
[2025-08-25T17:19:27.274Z] INFO: Successfully opened gRPC channel to 127.0.0.1:56973
[2025-08-25T17:19:29.340Z] Received WorkerInitRequest, python version 3.10.18, worker version 4.34.0
[2025-08-25T17:19:29.619Z] Connecting to Azure Storage...
[2025-08-25T17:19:29.801Z] INFO: Successfully validated certificate chain using provided certs.
[2025-08-25T17:19:29.900Z] INFO: Host lock lease acquired by instance ID 'fe2fef2e-xxxx-xxxx-xxxx-xxxxxxxxxxxx'.
[2025-08-25T17:19:30.120Z] Functions found: 5
[2025-08-25T17:19:30.121Z] Function: agent_http_trigger [httpTrigger]
[2025-08-25T17:19:30.121Z] Function: chat_endpoint [httpTrigger]
[2025-08-25T17:19:30.121Z] Function: conversation_history_endpoint [httpTrigger]
[2025-08-25T17:19:30.121Z] Function: clear_history_endpoint [httpTrigger]
[2025-08-25T17:19:30.121Z] Function: health_check [httpTrigger]
[2025-08-25T17:19:30.130Z] Host initialized (4119ms). Listening on http://0.0.0.0:7071
Version
Found Python version 3.10.18 (python3).
Selected out-of-process host.
Azure Functions Core Tools
Core Tools Version: 4.0.7030 Commit hash: N/A (64-bit)
Function Runtime Version: 4.1037.0.23568
[2025-08-25T17:19:29.340Z] Received WorkerInitRequest, python version 3.10.18, worker version 4.34.0
Description
Currently, when I am within a network that performs man-in-the-middle packet inspection (as many corporate environments and access points do), I do not receive clear errors indicating a certificate issue. Normally, I would expect to see an error such as
failed to verify certificate: x509: certificate signed by unknown authoritywhen a certificate needs to be added. However, when I run func start --verbose or func start, I see no related errors. This issue also extends to other functions, such as for deployment. Instead, I only saw that gRPC failed, which was confusing.I eventually solved the issue by adding a certificate with the existing
--certscommand, but only after wasting a lot of time debugging. It turns out many others I know face similar issues that waste their time, and they work around it by using their home internet—where SSL inspection tools (such as Zscaler, which is commonly deployed) are not in place.If there were clearer logging of this issue when it happens - for example, the familiar
failed to verify certificate: x509: certificate signed by unknown authorityerror that many platforms display, including Docker (see this example) - this confusion could be avoided.Steps to reproduce
func start --verbose(orfunc start).Actual Behavior
Expected Behavior
After Adding --certs