We've been getting this as well. When we set up our Exchange DNS records for our corp, Microsoft instructs you to CNAME your domain to autodiscover.outlook.com for auto discovery, as per the CNAME records from the admin centre domain setup wizard. Curiously, autodiscover.outlook.com digs out to other CNAMEs that apparently don't match "outlook.com". See below:
C:\Users\jeffj>dig autodiscover.outlook.com
; <<>> DiG 9.16.28 <<>> autodiscover.outlook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36725
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;autodiscover.outlook.com. IN A
;; ANSWER SECTION:
autodiscover.outlook.com. 249 IN CNAME autod.ha-autod.office.com.
autod.ha-autod.office.com. 58 IN CNAME autod.ms-acdc-autod.office.com.
autod.ms-acdc-autod.office.com. 8 IN A 52.96.230.40
autod.ms-acdc-autod.office.com. 8 IN A 40.100.163.184
autod.ms-acdc-autod.office.com. 8 IN A 40.100.162.184
autod.ms-acdc-autod.office.com. 8 IN A 52.96.163.232
Microsoft's connectivity test uses autodiscover-s.outlook.com, which of course always passes. Digging that shows that it CNAMEs to outlook.office365.com:
C:\Users\jeffj>dig autodiscover-s.outlook.com
; <<>> DiG 9.16.28 <<>> autodiscover-s.outlook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50587
;; flags: qr rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;autodiscover-s.outlook.com. IN A
;; ANSWER SECTION:
autodiscover-s.outlook.com. 130 IN CNAME outlook.office365.com.
outlook.office365.com. 151 IN CNAME outlook.ha.office365.com.
outlook.ha.office365.com. 54 IN CNAME outlook.ms-acdc.office.com.
outlook.ms-acdc.office.com. 3594 IN CNAME yyz-efz.ms-acdc.office.com.
yyz-efz.ms-acdc.office.com. 4 IN A 52.96.215.82
yyz-efz.ms-acdc.office.com. 4 IN A 52.96.88.226
yyz-efz.ms-acdc.office.com. 4 IN A 52.96.88.210
yyz-efz.ms-acdc.office.com. 4 IN A 52.96.230.226
I went ahead and changed my autodiscovery record in my corp's DNS to CNAME to autodiscover-s.outlook.com instead of the suggested autodiscover-s.outlook.com by Exchange's wizard, and so far I have not had the Cert revoked error come back up.
Don't know if this is the definitive solution, but the workaround appears to work.
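
An added example, not part of the original post: a small Python script that reads a dig ANSWER section like the ones above, follows the CNAME chain from the queried name, and lists each hop where the parent domain changes. The function names are made up for this example, and comparing the last two labels is a simplifying assumption (no public suffix list).

```python
import re

# ANSWER section lines copied from the first dig output in the post (two A records kept).
SAMPLE = """\
;; ANSWER SECTION:
autodiscover.outlook.com. 249 IN CNAME autod.ha-autod.office.com.
autod.ha-autod.office.com. 58 IN CNAME autod.ms-acdc-autod.office.com.
autod.ms-acdc-autod.office.com. 8 IN A 52.96.230.40
autod.ms-acdc-autod.office.com. 8 IN A 40.100.163.184
"""

RECORD = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_answers(text):
    """Return (owner, type, rdata) tuples; dig comment lines (';') are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m = None if line.startswith(";") else RECORD.match(line)
        if m:
            owner, rtype, rdata = m.groups()
            records.append((norm(owner), rtype, norm(rdata) if rtype == "CNAME" else rdata))
    return records

def walk_chain(records, start):
    """Follow CNAMEs from start; return (names visited, addresses of the final name)."""
    cname = {o: r for o, t, r in records if t == "CNAME"}
    name = norm(start)
    chain = [name]
    while name in cname:
        name = cname[name]
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        chain.append(name)
    return chain, [r for o, t, r in records if o == name and t in ("A", "AAAA")]

def parent_changes(chain, labels=2):
    """Hops where the last `labels` labels differ (assumption: naive parent domain)."""
    parent = lambda n: ".".join(n.split(".")[-labels:])
    return [(a, b) for a, b in zip(chain, chain[1:]) if parent(a) != parent(b)]

if __name__ == "__main__":
    chain, addrs = walk_chain(parse_answers(SAMPLE), "autodiscover.outlook.com")
    print(" -> ".join(chain), addrs)
    print("parent domain changes:", parent_changes(chain))
```

Pasting the second dig output from the post into the same functions shows two parent-domain changes (outlook.com to office365.com, then office365.com to office.com).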