I don't like the majority of these answers. I have a little more complete answer.

The issue is that the CA Root Certificate you are using is not in the certificate chain for your application.

Now, in python, your ca certs are determined by a package named Certifi, like previous mentioned above. If you replace the cacert.pem file in that package, you will end up enabling your specific URL but disabling others.

Append the contents of your .pem file to the end of that certifi file and you will be set. That should do it.