code.cloudfoundry.org HTTPS certificate incorrect

[ymorin-orange]

When trying to reach https://code.cloudfoundry.org/, the certificate presented is invalid for the code.cloudfoundry.org domain:

$ curl 'https://code.cloudfoundry.org/'
curl: (51) SSL: certificate subject name (*.de.a9sapp.eu) does not match target host name 'code.cloudfoundry.org'

This prevents fetching go packages that use code.cloudfoundry.org as a redirector; see for example this issue about vendoring Elastic Search beats

[batrov]

I've got similar issue showing this error:

go: code.cloudfoundry.org/go-diodes@v0.0.0-20190809170250-f77fb823c7ee: unrecognized import path "code.cloudfoundry.org/go-diodes" (https fetch: Get https://code.cloudfoundry.org/go-diodes?go-get=1: x509: certificate is valid for *.de.a9sapp.eu, de.a9sapp.eu, not code.cloudfoundry.org)

[spgreenberg]

This should be fixed now. The short answer is we moved the code app to cloud run on GCP and certs should be automatically renewed. Please let me know if you run into additional problems.

The longer explanation involves the linux foundation's DNS provider limitations + EC certs being the new let's encrypt default + limitations on EC certs on a9s + an alias DNS record. I can expand if anyone cares but will save you the details of what I believe happened as this is on cloud run now.

[ymorin-orange]

@spgreenberg

I can confirm that it is working on my side. 👍

Thank you for the explanations, and for the fast reply!

Happy new year (or whatever you may celebrate on your side)!