~alpine/users

alpine.gliderlabs.com redirect to HTTPS w/ invalid certificate

Michael Warkentin <michael@waveapps.com>
Details
Message ID
<CAHrfsumA9UKp_oaZHw6GGYuKhowZW-ksVekv2G6PQ_iEz5fbrQ@mail.gmail.com>
DKIM signature
missing
Download raw message
4 years ago 
Our apk configuration points to http://alpine.gliderlabs.com

# cat /etc/apk/repositories
http://alpine.gliderlabs.com/alpine/v3.9/main
http://alpine.gliderlabs.com/alpine/v3.9/community

This morning we noticed docker build failing with certificate errors:

SSL certificate subject doesn't match host alpine.gliderlabs.com
ERROR: http://alpine.gliderlabs.com/alpine/v3.10/main: Permission denied

In Firefox if I visit the repository URL, I get the following warning:

Firefox does not trust this site because it uses a certificate that is not
valid for alpine.gliderlabs.com. The certificate is only valid for the
following names: default.ssl.fastly.net, fastly.com, *.a.ssl.fastly.net, *.
hosts.fastly.net, *.global.ssl.fastly.net, *.fastly.com, a.ssl.fastly.net,
purge.fastly.net, mirrors.fastly.net, control.fastly.net, tools.fastly.net

Error code: SSL_ERROR_BAD_CERT_DOMAIN

I'm seeing a 301 permanent redirect (as well as HSTS headers) in curl when
I hit the repository:

mwarkentin@Michaels-iMac ~ % curl -I
http://alpine.gliderlabs.com/alpine/v3.9/community
HTTP/1.1 301 Moved Permanently
Server: nginx
Content-Type: text/html
Location: https://alpine.gliderlabs.com/alpine/v3.9/community
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Via: 1.1 varnish
Content-Length: 178
Accept-Ranges: bytes
Date: Mon, 25 Nov 2019 16:53:57 GMT
Via: 1.1 varnish
Age: 7
Connection: keep-alive
X-Served-By: cache-jfk8126-JFK, cache-mdw17368-MDW
X-Cache: MISS, HIT
X-Cache-Hits: 0, 1
X-Timer: S1574700837.202582,VS0,VE0

I'm doing some work to switch over to https://alpine.global.ssl.fastly.net
instead, but I haven't seen any discussion on these issues anywhere else so
wondering if we've done something strange in our setup.

Thanks!

*MICHAEL **WARKENTIN* | Operations Engineer
<https://s3.amazonaws.com/wave-buoyant/public/Wave_logo_RGB-109x30.svg>
<https://www.waveapps.com/> <https://www.waveapps.com/>
<https://www.waveapps.com/> <https://www.waveapps.com/>
<https://www.waveapps.com/>

Join our community on Facebook <http://www.facebook.com/waveHQ>, LinkedIn
<http://www.linkedin.com/company/1196866>, or Twitter
<http://twitter.com/wavehq>

This message and any attachments are intended only for the use of the
addressee and should be considered confidential. If you are not an intended
recipient, you may not review, copy or distribute this message. If you have
received this communication in error or would like to stop receiving these
emails, please notify the sender by replying to this email. Wave is located
at 235 Carlaw Ave., Ste. 501, Toronto ON, M4M 2S1.
Reply to thread Export thread (mbox)