requests/exchangelib SSLError - hostname 'outlook.office.de' doesn't match either of-CodePudding

I'm having problems connecting to the Microsoft Exchange. It started recently. The problem is that I'm not sure where to look for the solutions.

The problem is that I'm trying to connect to office.de but the certificate seems not to include this domain now.

Where to look for the solution/bug?:

My PC (Ubuntu 20.04)
python requests
python exchangelib
Microsoft certificate (temporary issue)

Traceback:

Traceback (most recent call last):
    account = Account(
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/account.py", line 126, in __init__
    self.protocol = Protocol(config=config)
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/protocol.py", line 405, in __call__
    raise e
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/protocol.py", line 400, in __call__
    protocol = super().__call__(*args, **kwargs)
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/protocol.py", line 434, in __init__
    self.config.auth_type = self.get_auth_type()
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/protocol.py", line 439, in get_auth_type
    auth_type, api_version_hint = get_service_authtype(
  File "/home/milano/.virtualenvs/xx-xxx-xxxx/lib/python3.9/site-packages/exchangelib/transport.py", line 155, in get_service_authtype
    raise TransportError(str(e)) from e
exchangelib.errors.TransportError: HTTPSConnectionPool(host='outlook.office.de', port=443): Max retries exceeded with url: /EWS/Exchange.asmx (Caused by SSLError(SSLCertVerificationError("hostname 'outlook.office.de' doesn't match either of '*.internal.outlook.com', '*.outlook.com', 'outlook.com', 'office365.com', '*.office365.com', '*.outlook.office365.com', '*.office.com', 'outlook.office.com', 'substrate.office.com', 'attachment.outlook.live.net', 'attachment.outlook.office.net', 'attachment.outlook.officeppe.net', 'attachments.office.net', '*.clo.footprintdns.com', '*.nrb.footprintdns.com', 'ccs.login.microsoftonline.com', 'ccs-sdf.login.microsoftonline.com', 'substrate-sdf.office.com', 'attachments-sdf.office.net', '*.live.com', 'mail.services.live.com', 'hotmail.com', '*.hotmail.com'")))

CodePudding user response：

The problem is that I'm trying to connect to office.de but the certificate seems not to include this domain now.

This is correct. A check with the browser will show that this is not a problem of Python but that the site is setup this way, i.e. the browser will complain too.

While officially documented for use at Office 365 Germany endpoints it looks like the domain office.de is not setup for use with HTTPS with this domain name.

Since outlook.office.de is currently just an alias (DNS CNAME) for outlook.office.com my guess is that the documented domains are not intended for direct access by HTTPS, but that they are only documented to get the necessary IP ranges. Internally MS Exchange will likely use the office.com domain instead and thus successfully match the certificates.