Windows stack downloads are no longer secure
ndmitchell opened this issue · 6 comments
The page at https://www.stackage.org/stack/windows-x86_64 is marked as insecure by Google and PowerShell refuses to invoke content from it. This has broken all my CI scripts, because they won't run non-https content.
I don't know why it would be saying that. The SSL certs are up to date and redirect to an HTTPS link for github.com. Can you confirm that it is still happening?
I'm going to need more information, since this works fine on all of my systems. My guess is that your system isn't accepting the CA signing the certificate in question (Let's Encrypt).
Hmm, so I'm not totally sure if Chrome is just showing poor UI since I did that from the main page.
The root issue is that when I run:
Invoke-WebRequest 'https://www.stackage.org/stack/windows-x86_64' -OutFile 'stack.zip'
On AppVeyor VM's I get:
The request was aborted: Could not create SSL/TLS secure channel.
It worked last week, and has worked for many months without change. If there's no configuration changed on your end, I'll mark it down as a bug in AppVeyor. The workaround is to switch to:
Invoke-WebRequest 'https://github.com/commercialhaskell/stack/releases/download/v2.1.3/stack-2.1.3-windows-x86_64.zip' -OutFile 'stack.zip'
Which still works fine. Maybe it is Lets Encrypt, but given the percentage of the web using their certificates, that would seem like a pretty severe outage for AppVeyor.
Given I don't have any real additional information, feel free to close this unless it is also hitting your AppVeyor CI machines (if you still have some).
Appveyor is Windows 10, and likely to be a very new one at that. Maybe its stale DNS and will take a while to propagate. Given there's no way to reproduce this directly, and the error message doesn't give us enough to do anything, let's close. Thanks for checking though!