Discussion:
[Check_mk (english)] mk_jolokia over https failing
Dave Ford
2018-10-23 13:22:48 UTC
I'm trying to get jolokia monitoring working with Check-MK but am
failing to get it working over a https connection.

I'm using the newest jolokia wars that require authentication, and
while this is working fine over http, I cannot get mk_jolokia to work
using https.

I suspect the problem I'm having is not being able to specify the
cert_path correctly.

The server has been configured with a certificate from Let's Encrypt and
is trusted when I use curl.

However, if I specify the fullchain.pem file containing the certificate
and its full chain, I get:

ERROR: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate
verify failed (_ssl.c:590)>


My /etc/check_mk/jolokia.cfg contains

suburi   = "jolokia"
port=8083
server = "myserver.host.name"
user = "jolokia"
password = "myjolokiapassword"
mode = "digest"
protocol = "https"
cert_path = "/etc/letsencrypt/live/myserver.host.name/fullchain.pem"

I'm running this on a box with tomcat 8.5, jolokia 1.6 and python
2.17.12

Check_mk works if I use http connections - so otherwise my tomcat
setup is fine. But I'd much prefer to use a https connection for
jolokia so I can remove the http connector in tomcat completely.

Dave
Dave Ford
2018-10-23 13:48:38 UTC
Post by Dave Ford
 
My /etc/check_mk/jolokia.cfg contains
 
mode = "basic_preemptive"
protocol = "https"
cert_path = ""
And, of course, as soon as I post the previous email, I discover that
check_mk is working with jolokia over https, but only with this
specific combination of settings.

Can someone either explain or point me to documentation that explains
why setting a cert_path to an empty string makes it work and what the
difference between 'digest' mode and 'basic_preemptive' is?

Thanks
Dave
