For those who might encounter this as well when writing their AG Remote Plugins a little hint.
While building another plugin with dependencies to another library I was confronted with an error that the included urllib3 library of the remoteplugin environment couldn't load RooT CA certificates. The error in the plugin's log looked something like this:
ERROR [Python][Hostunit Consumption][ThreadPoolExecutor-0_2] - [set_full_status] (0)
[Errno 2] No such file or directory
Traceback (most recent call last):
File "/opt/dynatrace/remotepluginmodule/agent/plugin/engine.zip/site-packages/urllib3/util/ssl_.py", line 319, in ssl_wrap_socket
FileNotFoundError: [Errno 2] No such file or directory
After digging into it I found that the invoked external SSL connection required the root certificates that are typically shipped with urllib3 or certifi package. (both are included in the remoteplugin runtime environment). However the virtual (?) path would try to find the CA certificate package at this path:
This is not a real path but points to the content of the site.zip archive. Python certifi gets this path by calling certifi.where() and urllib then fails to get the file, leading to this error.
To resolve this issue I had to explicitly point my plugin to an "real" cacert.pem file in the AG's filesystem that is not within a zip file. I manually added ca cacert.pem file (which could be enahanced with corporate CA certs as well to my plugin directory:
Just posting this here because I was pretty surprised to see this. Maybe it's a bug in the plugin runtime as well that can be fixed permanently as well...