Skip to main content
use-apify.com

SSL: guides & tutorials

TLS and HTTPS for scrapers: cert validation, cipher mismatches, mTLS, pinning risks, and safe patterns for Node or Python fetches on Apify infrastructure.

3 articles

View all tags

TLS and HTTPS issues trip up scrapers through cert validation errors, cipher mismatches, and mTLS requirements. These guides cover diagnosing and handling SSL in Node and Python fetches.

Understanding when to verify certs, when pinning bites, and how to debug handshake failures keeps crawls reliable. Below you will find safe TLS patterns for scraping on Apify infrastructure.

Related topics

Docker7 min read

Traefik v3 Reverse Proxy: Complete Self-Hosting Setup Guide (2026)

· 7 min read
Yassine El Haddad
Software Developer & Automation Specialist

Traefik is a reverse proxy that discovers services from Docker labels and config files, issues Let's Encrypt certificates automatically, and handles HTTP/3. Version 3 refines middleware syntax and improves performance. This guide covers installation, your first service, middleware for auth and rate limiting, and dashboard security on a Liquid Web VPS.

Frequently asked questions

Frequently Asked Questions

SSL (TLS) handshake fingerprints are one of the first signals anti-bot systems check. Libraries like Python requests, aiohttp, and Node.js each produce distinct TLS fingerprints. Matching a browser TLS fingerprint requires patching at the low-level socket layer with tools like curl-cffi in Python, which impersonates Chrome TLS exactly.

For self-signed or corporate CA certificates, add the custom CA bundle to your trust store rather than disabling verification entirely. In Python, use verify=False only in dev—set verify=/path/to/cert.pem in production. Disabling SSL validation exposes your scraper to MITM attacks and is never appropriate for authenticated sessions.

TLS fingerprinting records cipher suite order, extension types, and ALPN protocols during the handshake. Tools like ja3 and ja4 create fingerprint hashes that identify specific clients. Scrapers use curl-cffi or impersonation libraries to mimic Chrome TLS behavior. Standard Python httpx has a different fingerprint than Chrome by default.

curl-cffi impersonates Chrome, Firefox, or Edge TLS profiles natively and is the current best practice for TLS fingerprint evasion in Python. httpx and aiohttp have different fingerprints without patching. Pair curl-cffi with rotating residential proxies for the most convincing browser impersonation at the network layer.