Just posting this for future Googlers:
I was getting this error trying to access ECMWF’s data through their web API. On Mac, I couldn’t make the suggested solution work.
I thought I’d re-install Python to see if that helped but noticed during the install the following text:
Certificate verification and OpenSSL
**NEW** This variant of Python 3.6 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. For 3.6.0, a sample command script is included in /Applications/Python 3.6 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). If you choose to use certifi, you should consider subscribing to the project’s email update service to be notified when the certificate bundle is updated.
The bundled pip included with the Python 3.6 installer has its own default certificate store for verifying download connections.
Clearly Python does something different around certificates now. So I ran the “Install Certificates.command” found in /Applications/Python 3.6 and suddenly everything started working fine.