How to address SSL certificate issues

[mar...@frightanic.com]

The Python app I package with PyInstaller issues HTTPS calls against public internet resources. Some Windows users reported that at some point this failed with certificate verification issues

Failure: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired (_ssl.c:1123)

The resource the app communicates with uses a certificate issued by Let's Encrypt (R3) with in turn is signed by ISRG Root X1. The only thing in the certificate chain that changed since the app was bundled/built is the server certificate (i.e. not the intermediary, not the root). Hence, I don't understand the root cause yet.

I do not understand enough about Python SSL integration to know how to best address this issue. I guess it would help if the app's embedded Python bundled by PyInstaller could somehow delegate certificate verification to the host OS. Any suggestions?