urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.criteo.com', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))

[nicotiendamia]

Hello,

I've developed an ETL that consumes the API through this SDK and it works correctly in my development environment, in my Windows machine. Nevertheless, in my production environment, an EC2 instance with Ubuntu on AWS, it fails with the following message:

`Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 485, in wrap_socket
cnx.do_handshake()
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1915, in do_handshake
self._raise_ssl_error(self._ssl, result)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1647, in _raise_ssl_error
_raise_current_error()
File "/usr/lib/python3/dist-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')]

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 665, in urlopen
httplib_response = self._make_request(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 376, in _make_request
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 996, in validate_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 366, in connect
self.sock = ssl_wrap_socket(
File "/usr/lib/python3/dist-packages/urllib3/util/ssl.py", line 370, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 491, in wrap_socket
raise ssl.SSLError("bad handshake: %r" % e)
ssl.SSLError: ("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])",)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "", line 1, in
File "/home/tiendamia/ETLs/datasources/digital_marketing/criteo/api/CriteoApi.py", line 44, in get_adset_report
response = self._analytics_api.get_adset_report(statistics_report_query_message=query_message)
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api_client.py", line 771, in call
return self.callable(self, *args, **kwargs)
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api/analytics_api.py", line 104, in __get_adset_report
return self.call_with_http_info(**kwargs)
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api_client.py", line 833, in call_with_http_info
return self.api_client.call_api(
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api_client.py", line 408, in call_api
return self.__call_api(resource_path, method,
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api_client.py", line 195, in __call_api
response_data = self.request(
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/api_client.py", line 454, in request
return self.rest_client.POST(url,
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/rest.py", line 268, in POST
return self.request("POST", url,
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/rest.py", line 142, in request
self.refresh_token(headers)
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/rest.py", line 302, in refresh_token
self.token = self.call_auth_endpoint(headers)
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/rest.py", line 316, in call_auth_endpoint
response = self.request("POST", oauth_url,
File "/home/tiendamia/.local/lib/python3.8/site-packages/criteo_api_marketingsolutions_v2022_07/rest.py", line 173, in request
r = self.pool_manager.request(
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 79, in request
return self.request_encode_body(
File "/usr/lib/python3/dist-packages/urllib3/request.py", line 171, in request_encode_body
return self.urlopen(method, url, **extra_kw)
File "/usr/lib/python3/dist-packages/urllib3/poolmanager.py", line 330, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 747, in urlopen
return self.urlopen(
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 719, in urlopen
retries = retries.increment(
File "/usr/lib/python3/dist-packages/urllib3/util/retry.py", line 436, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.criteo.com', port=443): Max retries exceeded with url: /oauth2/token (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')])")))`

Also, my code for my API class where i set and pass the Configuration object:

`from helpers.Result import Result, Status
from datasources.digital_marketing.criteo.config.env_criteo import criteo_settings
from criteo_api_marketingsolutions_v2022_07 import Configuration, ApiClient
from criteo_api_marketingsolutions_v2022_07.api.analytics_api import AnalyticsApi
from criteo_api_marketingsolutions_v2022_07.model.statistics_report_query_message import StatisticsReportQueryMessage
from datetime import datetime
from typing import List, Dict
import json
import criteo_api_marketingsolutions_v2022_07

class CriteoApi:
def init(self):
self._client = ApiClient(Configuration(username=criteo_settings['CLIENT_ID'],
password=criteo_settings['CLIENT_SECRET'],
discard_unknown_keys=True))
self._analytics_api = AnalyticsApi(self._client)

def get_adset_report(self, start_date: str, end_date: str, metrics: List[str], dimensions: List[str], currency: str= 'USD') -> Result:
    """
    Calls the statistics/report endpoint, constructing a StatisticsReportQueryMessage based on the args passed

    Args:
        start_date (str): Start Date of the report
        end_date (str): End Date of the report
        metrics (List[str]): List of metrics for the report to return
        dimensions (List[str]): List of dimensions for the report to return
        currency (str): Currency code to use for values in report

    Returns:
        result (Result): result from the API call
    """
    result = Result(Status.error, '', [])
    query_message = StatisticsReportQueryMessage(
        dimensions=dimensions,
        metrics=metrics,
        start_date=datetime.strptime(start_date, '%Y-%m-%d'),
        end_date=datetime.strptime(end_date, '%Y-%m-%d'),
        currency=currency,
        format='json'
    )
    try:
        # [response_content, http_code, response_headers] = self._analytics_api.get_adset_report(query_message)
        response = self._analytics_api.get_adset_report(statistics_report_query_message=query_message)
        # decoded_data = response.encode().decode('utf-8-sig')

        result.status = Status.success
        # result.data = json.loads(decoded_data)['Rows']
        result.data = response['Rows']
        result.message = f'Fetched {len(result.data)} results from Criteo API!'
    except criteo_api_marketingsolutions_v2022_07.ApiException as e:
        print("Exception when calling AnalyticsApi->get_adset_report: %s\n" % e)
        result.message = f'Exception getting campaign report from Criteo API: {str(e)}'
    return result

`

Any help is much appreciated, i know this has something to do with certificates, but don't have much knowlege about it and i'm quite stuck.