SSL verification fails with requests but not with urllib3

Question

I'm importing the certificates from anaconda.

import certifi
cert_path=certifi.where()
print("cert path", cert_path)

and I try to call an API with requests

import requests 
r = requests.post(url = API_ENDPOINT, data = data, headers=headers, verify = cert_path) 

And it fails with

port=443): Max retries exceeded with url: ... (Caused by SSLError(SSLError("bad handshake: Error([('SSLroutines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),))

I've already resolved this issue without requests but following urllib3 docs.

http = urllib3.PoolManager(
     cert_reqs='CERT_REQUIRED',
     ca_certs=certifi.where()
     )
r = http.request("POST", url = API_ENDPOINT, body = encoded_data, headers=headers) 

Why aren't requests using urllib3 under the covers, and why is it failing, or what should I change in my code when using the requests module? I've noticed the fascinating and helpful picture in this answer, but - before downloading new certs - I'd like to understand the reason better because I would prefer to stay with my current urllib3 solution if the requests module can't work with my standard anaconda certs as well as urllib3 is doing. Notice that "downloading the appropriate intermediate certificate(s)" is already needed for urllib3 AFAIK, so if urllib3 validation passes, that should not be a problem for requests either.

Answer 1

I've found the issue, in my original anaconda cacerts bundle there is a certificate that is causing the issue, due to an expiry date, I think.