Permission to create cacert.pem in .certifi

My website is set up through IIS10, and I've given my application pool user, IIS AppPool\DefaultAppPool, all the rights I can think of.

But when I use this application pool user I get this error message:

Traceback (most recent call last):
  File "C:\inetpub\wwwroot\metrics\wdc\python\jql_query.py", line 22, in
    from PyJira.Jira import Jira
  File "C:\Programs\Python\Python3102\lib\site-packages\PyJira\Jira.py", line 9, in
    from PyJira.API import API
  File "C:\Programs\Python\Python3102\lib\site-packages\PyJira\API.py", line 7, in
    from PyJira.HelperMethods.Types import Response
  File "C:\Programs\Python\Python3102\lib\site-packages\PyJira\HelperMethods\Types.py", line 5, in
    import requests
  File "C:\Programs\Python\Python3102\lib\site-packages\requests\__init__.py", line 133, in
    from . import utils
  File "C:\Programs\Python\Python3102\lib\site-packages\requests\utils.py", line 27, in
    from . import certs
  File "C:\Programs\Python\Python3102\lib\site-packages\requests\certs.py", line 15, in
    from certifi import where
  File "", line 1027, in _find_and_load
  File "", line 1006, in _find_and_load_unlocked
  File "", line 672, in _load_unlocked
  File "", line 632, in _load_backward_compatible
  File "C:\Programs\Python\Python3102\lib\site-packages\wrapt\importer.py", line 157, in load_module
    notify_module_loaded(module)
  File "C:\Programs\Python\Python3102\lib\site-packages\wrapt\decorators.py", line 469, in _synchronized
    return wrapped(*args, **kwargs)
  File "C:\Programs\Python\Python3102\lib\site-packages\wrapt\importer.py", line 135, in notify_module_loaded
    hook(module)
  File "C:\Programs\Python\Python3102\lib\site-packages\certifi_win32\wrapt_certifi.py", line 27, in apply_patches
    generate_pem()
  File "C:\Programs\Python\Python3102\lib\site-packages\certifi_win32\wincerts.py", line 117, in generate_pem
    shutil.copy(orig_pem, PEM_PATH)
  File "C:\Programs\Python\Python3102\lib\shutil.py", line 419, in copy
    copyfile(src, dst, follow_symlinks=follow_symlinks)
  File "C:\Programs\Python\Python3102\lib\shutil.py", line 258, in copyfile
    with open(dst, 'wb') as fdst:
PermissionError: [Errno 13] Permission denied: 'C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\.certifi\\cacert.pem'

So since I know it's a permission issue, I tried to change the application pool to use LocalSystem, and with that user everything works, great.

So I did some more digging and looked into this message: [Errno 13] Permission denied: 'C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\.certifi\\cacert.pem'. As far as I can see, it has something to do with copying the .pem file from C:\Programs\Python\Python3102\lib\site-packages\certifi\cacert.pem to C:\Windows\system32\config\systemprofile\AppData\Local\.certifi\cacert.pem, and I don't have permission to do this with my IIS AppPool\DefaultAppPool user, it seems.

So I tried to add this user as owner and give it access to the folder .certifi, but this doesn't work. I then tried to add the user to the administrator group, since it's added mostly everywhere, but that didn't work. Only when I use the LocalSystem application pool user is the cacert.pem file created in .certifi.

So I think one of the Python libraries uses shutil.py --> copyfile(), and in this it tries to copy

SOURCE C:\Programs\Python\Python3102\lib\site-packages\certifi\cacert.pem

DESTINATION C:\Windows\system32\config\systemprofile\AppData\Local\.certifi\cacert.pem

which results in Permission denied: 'C:\\Windows\\system32\\config\\systemprofile\\AppData\\Local\\.certifi\\cacert.pem'

My question is then, how can I, or where should I add my application pool user IIS AppPool\DefaultAppPool to give it access to create this cacert.pem into the C:\Windows PATH, because only LocalSystem has these rights it seems.
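A small diagnostic for the failing step in the traceback, added here as an example (it is not part of the original question and not code from certifi_win32). The function name `probe_bundle_copy` is hypothetical, and the default destination of `%LOCALAPPDATA%\.certifi` is an assumption taken from the path in the error message. Run under the application pool identity, it repeats the directory creation and copy and reports which stage was refused, so an ACL change can be checked without switching the pool to LocalSystem.

```python
import errno
import os
import shutil
import sys


def probe_bundle_copy(src_pem, dest_dir):
    """Repeat the copy from the traceback: src_pem -> dest_dir/cacert.pem.

    Returns a report dict instead of raising, so the caller can log which
    account ran the probe and at which stage the OS refused the operation.
    """
    report = {
        # USERNAME is set on Windows, USER on POSIX; neither is guaranteed.
        "user": os.environ.get("USERNAME") or os.environ.get("USER") or "unknown",
        "dest": os.path.join(dest_dir, "cacert.pem"),
        "ok": False,
        "stage": "mkdir",
        "error": None,
    }
    try:
        # The .certifi folder must exist (or be creatable) before the copy.
        os.makedirs(dest_dir, exist_ok=True)
        report["stage"] = "copy"
        # Same call as in the traceback; opening the destination for
        # writing is the point where PermissionError (EACCES) is raised.
        shutil.copy(src_pem, report["dest"])
        report["stage"] = "done"
        report["ok"] = True
    except OSError as exc:
        # Symbolic errno name, e.g. 'EACCES' for [Errno 13].
        report["error"] = errno.errorcode.get(exc.errno, str(exc.errno))
    return report


if __name__ == "__main__":
    # Usage: python probe.py <path to certifi\cacert.pem> [destination dir]
    # Default destination is an assumption based on the path in the error.
    source = sys.argv[1]
    default_dir = os.path.join(os.environ.get("LOCALAPPDATA", "."), ".certifi")
    target_dir = sys.argv[2] if len(sys.argv) > 2 else default_dir
    print(probe_bundle_copy(source, target_dir))
```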



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
