SSL issue with get_url module

I am trying to download a file from the repo to a server using
ansible. This has been working fine on all the old machines but on a
new machine, which has the same setup, it keeps giving me SSL error.
My environment is as below:

Jenkins machine(that triggers the ansible job)

$ ansible all -i inventory/localhost -c local -m setup -a
'filter=ansible_python'localhost | SUCCESS => {
    "ansible_facts": {
        "ansible_python": {
            "executable": "/usr/bin/python",
            "has_sslcontext": true,
            "type": "CPython",
            "version": {
                "major": 2,
                "micro": 9,
                "minor": 7,
                "releaselevel": "final",
                "serial": 0
            },
            "version_info": [
                2,
                7,
                9,
                "final",
                0
            ]
        }
    },
    "changed": false
}

$ ansible all -i inventory/localhost -c local -m uri -a
url=https://devops.rightleads.io/
localhost | SUCCESS => {
    "accept_ranges": "bytes",
    "changed": false,
    "connection": "close",
    "content_length": "10701",
    "content_type": "text/html",
    "date": "Mon, 19 Feb 2018 11:33:15 GMT",
    "etag": "\"29cd-54815428d497e\"",
    "last_modified": "Thu, 09 Feb 2017 09:03:51 GMT",
    "msg": "OK (10701 bytes)",
    "redirected": false,
    "server": "Apache/2.4.10 (Debian)",
    "status": 200,
    "url": "https://devops.rightleads.io/",
    "vary": "Accept-Encoding"
}

Dev machine

$ ansible tag_web -i inventory/gce.py -u admin
--private-key=projectkey -m setup -a 'filter=ansible_python' --limit
tag_dev
dev-web | SUCCESS => {
    "ansible_facts": {
        "ansible_python": {
            "executable": "/usr/bin/python",
            "has_sslcontext": true,
            "type": "CPython",
            "version": {
                "major": 2,
                "micro": 13,
                "minor": 7,
                "releaselevel": "final",
                "serial": 0
            },
            "version_info": [
                2,
                7,
                13,
                "final",
                0
            ]
        }
    },
    "changed": false
}

$ ansible tag_web -i inventory/gce.py -u admin
--private-key=projectkey -m uri -a url=https://devops.rightleads.io/
--limit tag_dev
dev-web | SUCCESS => {
    "accept_ranges": "bytes",
    "changed": false,
    "connection": "close",
    "content_length": "10701",
    "content_type": "text/html",
    "date": "Mon, 19 Feb 2018 11:35:00 GMT",
    "etag": "\"29cd-54815428d497e\"",
    "last_modified": "Thu, 09 Feb 2017 09:03:51 GMT",
    "msg": "OK (10701 bytes)",
    "redirected": false,
    "server": "Apache/2.4.10 (Debian)",
    "status": 200,
    "url": "https://devops.rightleads.io/",
    "vary": "Accept-Encoding"
}

$ ansible tag_web -i inventory/gce.py --user admin
--private-key=projectkey --limit=tag_dev --sudo -m get_url -a
"url=https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar
dest=/tmp/webapi.tar force=yes" -vvv

dev-web | SUCCESS => {
    "changed": true,
    "checksum_dest": null,
    "checksum_src": "d14de4a99dd20c5128fd78ddbf6c70801057d4a3",
    "dest": "/tmp/webapi.tar",
    "gid": 0,
    "group": "root",
    "invocation": {
        "module_args": {
            "backup": false,
            "checksum": "",
            "content": null,
            "delimiter": null,
            "dest": "/tmp/webapi.tar",
            "directory_mode": null,
            "follow": false,
            "force": true,
            "force_basic_auth": false,
            "group": null,
            "headers": null,
            "http_agent": "ansible-httpget",
            "mode": null,
            "owner": null,
            "path": "/tmp/webapi.tar",
            "regexp": null,
            "remote_src": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "sha256sum": "",
            "src": null,
            "timeout": 10,
            "tmp_dest": "",
            "unsafe_writes": null,
            "url": "https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar",
            "url_password": "xxx",
            "url_username": "yyy",
            "use_proxy": true,
            "validate_certs": true
        },
        "module_name": "get_url"
    },
    "md5sum": "96166c42eb5a47766dc5e02a2590829f",
    "mode": "0644",
    "msg": "OK (136683520 bytes)",
    "owner": "root",
    "size": 136683520,
    "src": "/tmp/tmpJgzn5R",
    "state": "file",
    "uid": 0,
    "url": "https://devops.rightleads.io/repo/webapi/webapi_demo_4.tar"
}

$ python -V
Python 2.7.13

$ ls -l /etc/ssl/certs/DST_Root_CA_X3.pem
lrwxrwxrwx 1 root root 53 Dec 14 00:19
/etc/ssl/certs/DST_Root_CA_X3.pem ->
/usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt

$ echo quit | openssl s_client -connect devops.rightleads.io:443 | head
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = devops.rightleads.io
verify return:1
CONNECTED(00000003)

As a follow up, I tried connecting to devops.rightleads.io from python
and it checking the certificate, it works fine. But, ansible still
seems to be throwing the SSL error.

import socket, ssl
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_default_certs()

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
ssl_sock = context.wrap_socket(s, server_hostname='devops.rightleads.io')
ssl_sock.connect(('devops.rightleads.io', 443))

cert = ssl_sock.getpeercert()
print(cert)

{'subjectAltName': (('DNS', 'devops.rightleads.io'),), 'notBefore':
u'Feb 18 11:09:28 2018 GMT', 'caIssuers':
(u'http://cert.int-x3.letsencrypt.org/',), 'OCSP':
(u'http://ocsp.int-x3.letsencrypt.org',), 'serialNumber':
u'03789CEA86C5F31787ED45697AACB172BA58', 'notAfter': 'May 19 11:09:28
2018 GMT', 'version': 3L, 'subject': ((('commonName',
u'devops.rightleads.io'),),), 'issuer': ((('countryName', u'US'),),
(('organizationName', u"Let's Encrypt"),), (('commonName', u"Let's
Encrypt Authority X3"),))}

Turned out to be a google cloud issue, not ansible.