'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))

Question

When using this code, the following error is generated:

exchangelib.errors.TransportError: HTTPSConnectionPool(host='mail.rt.yu', port=443): Max retries exceeded with url: /EWS/Exchange.asmx (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))

How can I provide a local issuer certificate or otherwise solve the problem?

from exchangelib import Credentials,DELEGATE, IMPERSONATION, Account,Message, Mailbox, FileAttachment,Configuration

credentials = Credentials(username=r'sinai\afgggn.t.auu',
                             password='SSft@y155')
config = Configuration(server='mail.te.eg', credentials=credentials)
account = Account(primary_smtp_address='afgggn.t.auu', config=config,
                  autodiscover=False, access_type=DELEGATE)
for item in account.inbox.all().order_by('-datetime_received')[:100]:
    print(item.subject, item.sender, item.datetime_received)

update This is the solution to the problem after the trouble of searching for solutions download the domain validation certificate as *.crt or *pem file open the file in editor and copy it's content to clipboard find your cacert.pem location: from requests.utils import DEFAULT_CA_BUNDLE_PATH; print(DEFAULT_CA_BUNDLE_PATH) edit the cacert.pem file and paste your domain validation certificate at the end of the file. Save the file and enjoy requests!

Answer 1

I got the same issue on Ubuntu 22.04. And in my case my /etc/ssl/certs/ca-certificates.crt was not valid. I made a copy of it and replaced it with https://curl.haxx.se/ca/cacert.pem. This resolved the error.

Answer 2

exchangelib uses requests to do the actual HTTP requests. This means you can set the REQUESTS_CA_BUNDLE environment variable. See How to force requests use the certificates on my ubuntu system