Please fix download.proxmox.com certificate

[averuser]

Hello developers and maintainers,
we users are grateful for the freely accessible virtual platform and its updates. However the certificate of the package and image server, https://download.proxmox.com, is still misconfigured, only issued to enterprise.proxmox.com. As a result, HTTPS connections to the first URL are all aborted because of certificate warnings.
IMHO there are just no incentives today to not provide HTTPS service on a public server. Even Debian is shipping apt-transport-https by default as of buster.

Please fix this issue if possible.

 

[gradinaruvasile]

The certificate itself is valid (issued by Let's Encrypt) until October 2 2019, only it is issued to another subdomain - enterprise.proxmox.com instead of download.proxmox.com.

 

[averuser]

The certificate itself is valid (issued by Let's Encrypt) until October 2 2019, only it is issued to another subdomain - enterprise.proxmox.com instead of download.proxmox.com.

Yeah, I didn't question the validity of the certificate itself, I used the word "misconfigured" instead. And as far as I can tell from my experience, they can just change the certificate request command at anytime and get a new cert. (within Let's encrypt rate limit, of course)
I suspect they didn't notice this issue, or maybe they are intentional. The certificate is valid only for 3 months and is normally renewed by a scheduled program. Back in March, it was not valid for the "download" subdomain, it still is the case in August.

 

[tom]

http://download.proxmox.com is not available via https.

if you need https, please go to https://enterprise.proxmox.com - subscribers only.