From c0300e71fbe44d1417e2af5105e5677069cc585d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=9A=D0=BE=D0=BA=D0=BE=D1=81=20=D0=90=D1=80=D1=82=D0=B5?=
 =?UTF-8?q?=D0=BC=20=D0=9D=D0=B8=D0=BA=D0=BE=D0=BB=D0=B0=D0=B5=D0=B2=D0=B8?=
 =?UTF-8?q?=D1=87?= <artem.kokos@eltex.loc>
Date: Tue, 20 Jan 2026 10:19:41 +0700
Subject: [PATCH] Fix SSL-cert issue

---
 README.md                  | 13 +++++++++++++
 redmine_reporter/client.py |  3 ++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index dad94de..d55904d 100644
--- a/README.md
+++ b/README.md
@@ -61,3 +61,16 @@ isort .
 ```
 
 > 🔒 Never commit `.env` or credentials!
+
+### Production SSL Setup (for internal Redmine)
+
+If you get `CERTIFICATE_VERIFY_FAILED`, your corporate CA is not trusted by Python's `certifi`.
+
+Fix it once per environment:
+
+```bash
+source .venv/bin/activate
+cat /etc/ssl/certs/ca-certificates.crt >> $(python -m certifi)
+```
+
+> This appends system CA bundle to Python's certificate store. Safe and secure.
diff --git a/redmine_reporter/client.py b/redmine_reporter/client.py
index fc53718..80e1b87 100644
--- a/redmine_reporter/client.py
+++ b/redmine_reporter/client.py
@@ -12,7 +12,8 @@ def fetch_issues_by_time_entries(from_date: str, to_date: str) -> Optional[List[
     redmine = Redmine(
         Config.REDMINE_URL,
         username=Config.REDMINE_USER,
-        password=Config.REDMINE_PASSWORD
+        password=Config.REDMINE_PASSWORD,
+        requests={'verify': '/etc/ssl/certs/ca-certificates.crt'}
     )
 
     current_user = redmine.user.get('current')