Closed ArtieReus closed 11 months ago
Retrieving the certificate from my local machine sometimes appears to be correct:
Alternative Name: DNS:ga.jspm.io, DNS:jspm.dev, DNS:ga.system.jspm.io, DNS:da.jspm.io, DNS:da.opt.jspm.io, DNS:dev.jspm.io
openssl s_client -connect ga.jspm.io:443 | openssl x509 -text -noout
depth=2 OU = GlobalSign Root CA - R3, O = GlobalSign, CN = GlobalSign
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
verify return:1
depth=0 CN = ga.jspm.io, O = "Cachenetworks, LLC", L = Chicago, ST = Illinois, C = US
verify return:1
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6e:69:35:f9:be:b1:a3:ab:90:81:69:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = BE, O = GlobalSign nv-sa, CN = GlobalSign RSA OV SSL CA 2018
Validity
Not Before: Aug 30 16:11:02 2023 GMT
Not After : Sep 30 16:11:01 2024 GMT
Subject: CN = ga.jspm.io, O = "Cachenetworks, LLC", L = Chicago, ST = Illinois, C = US
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cf:b3:a0:d8:00:57:ca:b4:75:cc:88:e2:02:35:
ab:05:0f:9c:1b:29:eb:3f:67:da:e3:bd:00:72:b3:
07:94:1a:00:a5:d4:fe:2b:b9:e7:2f:38:c4:01:f4:
1c:53:24:42:a9:e4:e9:39:62:c2:ec:2f:a5:f2:97:
2f:5e:ee:82:16:5c:c2:18:3a:67:6e:f9:98:58:ab:
35:92:99:03:1c:23:b3:29:e5:76:e0:d3:7a:45:07:
1e:fa:8e:c1:c3:30:4f:6a:ab:57:77:00:0d:95:69:
8f:e9:73:51:0c:0e:18:96:4d:ef:c6:43:33:98:e7:
a7:74:4c:18:eb:2d:b6:4e:f8:01:87:2a:2e:02:cf:
9d:a7:b2:1c:84:e1:22:c3:8a:de:eb:49:9a:52:b6:
28:dc:dc:fd:ec:43:5b:05:cb:86:fd:36:ce:99:ea:
15:3e:13:dc:ba:50:63:80:7a:22:5a:c7:5d:b6:6f:
06:29:b2:89:19:b5:72:c8:35:03:33:12:6c:16:9d:
43:c4:96:77:81:73:cc:41:2c:7d:7c:28:a4:bf:3a:
84:2b:6a:25:b9:77:e6:ad:b1:81:ae:c8:bb:72:60:
72:b4:e9:ba:dc:96:1c:e7:ba:a2:3f:2a:03:74:ba:
f2:50:90:e6:ed:9c:7f:a3:c7:5c:35:ee:6f:de:5c:
3a:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Basic Constraints: critical
CA:FALSE
Authority Information Access:
CA Issuers - URI:http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
OCSP - URI:http://ocsp.globalsign.com/gsrsaovsslca2018
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.4146.1.20
CPS: https://www.globalsign.com/repository/
Policy: 2.23.140.1.2.2
X509v3 Subject Alternative Name:
DNS:ga.jspm.io, DNS:jspm.dev, DNS:ga.system.jspm.io, DNS:da.jspm.io, DNS:da.opt.jspm.io, DNS:dev.jspm.io
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Authority Key Identifier:
F8:EF:7F:F2:CD:78:67:A8:DE:6F:8F:24:8D:88:F1:87:03:02:B3:EB
X509v3 Subject Key Identifier:
F4:A1:FA:C4:3D:EA:0F:5A:69:40:88:57:D2:54:42:AC:D1:E5:55:79
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 48:B0:E3:6B:DA:A6:47:34:0F:E5:6A:02:FA:9D:30:EB:
1C:52:01:CB:56:DD:2C:81:D9:BB:BF:AB:39:D8:84:73
Timestamp : Aug 30 16:11:04.420 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:C9:F4:B1:78:08:19:6C:63:1E:7B:55:
FC:DD:FC:13:2C:01:58:82:AB:37:42:6B:61:E9:5F:07:
63:F6:A7:51:9D:02:20:40:D9:5E:A1:34:A2:11:C5:87:
12:41:02:F7:ED:B0:2A:84:70:D8:BB:00:BF:16:BC:5C:
80:15:5F:83:C2:9A:77
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : EE:CD:D0:64:D5:DB:1A:CE:C5:5C:B7:9D:B4:CD:13:A2:
32:87:46:7C:BC:EC:DE:C3:51:48:59:46:71:1F:B5:9B
Timestamp : Aug 30 16:11:04.803 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:08:38:46:B2:80:14:B1:CD:54:EA:96:A7:
24:1F:65:C8:0B:3B:63:F1:B3:D1:41:76:53:F7:0D:CF:
92:A8:18:A9:02:21:00:E7:2F:D9:E4:FA:A7:55:68:7A:
BF:58:08:42:0E:B6:33:B7:2A:0A:04:19:02:03:17:49:
B3:FE:A8:30:58:83:04
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : DA:B6:BF:6B:3F:B5:B6:22:9F:9B:C2:BB:5C:6B:E8:70:
91:71:6C:BB:51:84:85:34:BD:A4:3D:30:48:D7:FB:AB
Timestamp : Aug 30 16:11:04.054 2023 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:66:3A:B3:6E:30:57:7E:43:C3:51:13:6F:
B5:73:9B:1C:2E:BD:9B:FA:FB:E3:68:22:97:00:2A:E1:
73:C8:22:D8:02:20:7C:9D:01:64:BC:3F:F1:8B:F9:2D:
BF:8A:22:AA:99:48:3B:47:69:B2:84:2E:3D:67:2B:8D:
ED:45:70:98:9A:FC
Signature Algorithm: sha256WithRSAEncryption
Signature Value:
0e:90:a0:fa:2e:72:08:b0:88:0f:25:53:ce:3b:a8:9d:3b:df:
d6:5f:91:60:96:1a:b9:1f:78:9a:c4:75:b9:f5:d3:37:f7:a3:
94:88:30:26:34:76:5c:7f:99:6a:5f:70:7a:88:59:f3:5c:ed:
60:21:77:e5:7c:bb:2a:0b:bb:86:95:a1:34:ea:89:e3:3e:f1:
81:78:e6:37:c3:1c:b3:8a:4e:63:57:3c:b7:d8:40:fa:12:f4:
71:0c:bc:97:d8:16:1f:d9:cd:40:3e:95:6e:d5:0a:6d:64:c6:
bf:0d:de:ee:ba:d0:b7:39:15:bb:f5:bc:e4:67:26:7a:2e:a1:
a0:d9:b9:12:ce:34:3e:5a:bb:bb:c0:c2:f3:21:8a:d2:ac:fc:
37:c3:9d:09:0c:7c:54:bd:c0:a2:a0:6d:2d:89:4f:ab:5e:74:
76:29:84:24:ee:65:f2:b4:4b:1e:a0:6f:2e:d3:f5:5a:8a:d1:
11:ed:f7:4b:3d:0b:60:66:43:ab:d7:c5:d2:79:7b:78:2d:c2:
33:1d:3f:d4:0f:7f:16:da:24:b4:be:2e:8e:f6:7c:f5:7b:7c:
fd:c5:08:69:59:06:19:41:41:ce:59:11:cc:0f:5b:09:e2:c5:
77:32:61:f4:79:3d:b0:ff:e7:73:f1:17:07:ee:3e:91:ff:fb:
b7:79:e3:a9
Thanks for sharing, CacheFly did have some instability yesterday - https://www.cacheflystatus.com/. Did you experience this yesterday or today?
If you can share a debug dump from https://cachefly.cachefly.net/CacheFlyDebug that would help to follow-up further.
We encountered the issue for the first time today, and it persists in our CI. Additionally, we occasionally observe the issue when reproducing it from the browser (see picture).
What do you mean exactly with debug dump from https://cachefly.cachefly.net/CacheFlyDebug
??
What do you mean exactly with debug dump from https://cachefly.cachefly.net/CacheFlyDebug ??
@ArtieReus can you share the network base64 data from that URL?
sure:
pM3LyMLjhLi4m5ChsmRgZFadmqWcl6+Hdqluv4/BzJLX2JKZs9qC7MiolIjW4NFacpCVmZt0nq1WpZSmTpmeppRRm5+PUZiak5OWkYl8brzJxNjZ55ZsU4a4ltnayqyHdrSV4NHd3I7Fk5Lo5OmFsW54pVmVmpJWcZOVnJN7jO+J2IGoUJaYo5NRm6OPUpefgcXH2XTR093Mkp6hqWFSppLSiKiYl62rmpZZo52fl1mB6Indj65Zl2uOlECCz8KDq8aD0dOv4NyX5cWTV6CF29OJ1t7YjsaMkpeCbZXh1tDha5h6mVFSU3vEu7i6xpq3qoWO29Hdy5lrk0CZj9Boxq6z0UCfqoFPTYGDiIWhsrxnwMDFb7Sqz4VdoIyzZbW8sK+mqKZ5hI+IgcvDvIN7g3TOrry0rsi7uap9jKysh0/T1I2o1+mE5sTho2yxraVllY/T0NVQjJlAl7zEda23y8Rztr6qbqnJgZ6gg16PhI+IvMK1yoZ3hnTOtbi8scm+yYVdqo+1rHRrk0CZj9Bjxq/CuW62y7V5k6bAiKKEjINAl4GTe6u0wLllsMDAbKe6qLWqwHSsoo9ygZCQmYyFdnK4uMfHt7vHscJAqa2OlmPC1ojeteGZu8bQ6YdsjIFAY7y1rbabscx01rbFacWFr6NAka/Cg8rRp83bp7nR2dZygZCQmYx2gmPEtbi2vdnPvq59jKysh0+k1IPh1LuM8KXT1pXJdoFAY4G+rLSJwcZlxbXScre0xsJAn6qBT8XNxMnHycDok93Pyt7opmJgZFGdoaLQ3efmdoVAjI/JumWzyWXLzsVyxrW9t2+uyYFdgYGrvLmWm6pOqGuTQIiFzbdlr7u1ZcGtpaW0wHSsoo+ZmqOeqmdgZVKjlqhyiZqajMBysby9u2XAw2/Lw9JAtJ+OfkCCjIF7lqa1vqqYy7pku7PQQKWjkpZQkKORTpmcj5KSnF6PhI+IvMO1y4d3hX+/t8W8xpq3qoVYnHmOh0CBznO+wctlycC8tW2nyYFdgYFtiIVmjNRoy7XDf7C0xbl9gqmfQMXNxMnHycDoktLJxNjV352rYY7U3H2IiZqax610wL/Nv3+kuXK+sMF/wLHLlF2gjJJZdo+UnpN4nq1OrGuTQIiFza10trzAeMGvp7OnpKDOt7i4vpCtt1FjY06mmKGfmairnJ4qjI+Oh3upx3TJzs1/uqfAuWGuy7RwkrO3xYWDqplYp2uTQIiFza10trzAY6OvqabBpqO9uMG3rc2Qtm9SoIHnldTPzreqdoVAjI/Jr3S1w3/MtLh/uqnNyWG/jJ5eY4Om0Ne12eKV5IOulqWHo5ZYhJiBQqnb0MjOyHSyzOHXztWStKdvVVGgoJWUiZzI29ldra6w2YHP10K05bJCsJqQfkCCjIF7i7W3uMSZsbx/uqnSdanEv7Riq7imfYKpn4Ghk16PhI+IvLjEzYGRhmWyx7awyM+7y7VsrcO0tnKu0EC2rZVC5MLRw3OEdoFAY4G+sLmavNh1x6jFYayq0a5utbGkdbSxwLOntKm0t8O7vpCtt1FjPUCPiJPDsc7OvMR1v7TAxmGouG7NzJVdtYG745rL2M2BcpaRmIVuudqD4M/nj9vNrYVp0ODGjIK5wsSCsqePvI+Zkc+hrpBpXECw2OPUztHfzrCJ4J6jmlePplaZl8Boy666oEDO1cyFY6jIy9C1lZlj39Pijc2Uo5ZYkJyPUJCcgbTDybXhzZ6dlKeerGc8U0CPiM6wvc7Ky6Zjr7S+u32BsF6Z49qY65DW6I3OmMKQs83My8a61eiOptnblNXRnd2NzpjCkNLYysTD173e0p7gztyr6m5iYVmb0eDJ0N+pzduJ0pvX1IHI2E/w1NeQo8rb1YfHm8KQsciPkpRwp+pdp4+rTMnV4tGJxc3VidHakNTLysLUyJzN2dPY2p+ZmFvlpdWbpOu3nJNXdo+Oh0C8u3TNv9RzvKTNumW2r6l/lqq3rcJmqbdA5dDhhXKFkoVAvbS1dLLLtKalwpq0uLKwwL2/vXaPU12tiOHJ3+PhzdmFdo+Oh0C8u3TNv9RzvKTNumW2r6l/mLSousJmqbdAtpJ9QIiFksBotsCxf7WxpMCoqKiyrM6spsPE1lFvcUDT19bd1t/o4G9AjI+Owmi1x3DYsLhjvLHC02Wwr7BkjK+qxYWDqpmH8crjTIjJ18uMw+DGTILO02uCg3SPv7e8tcDPunR1eHDDx7+pt8HPraxlyY+rpUDF2E29tKGE3JzfsVCQpY2FsY64u6C3qalOr43YjqPWr5VOmXaBQIKMvKm2t6TOvM66prG82HqCkECsppOZoq2onZtOnqGilVWbqVGpqKwql4GOlHuytLF/lqavrsJmqbdApqTUg9DKuNGZptHDlcl2gYGCg6/BqcC9psPE2IV7gGXOrr+3qs7XjKJejKCkoFiZqVKxoqdOp5SjpiqCjIFAnrOoubqLv81/y6rAZcWFr6NAk6KaWJqik5mVlV6PhI+IvL/CwniPU12tiOjW0vK0do4q
We have reduced the setup to following small script:
import https from "https"
const downloadFile = (url, path) => {
return new Promise((resolve, reject) => {
https
.get(url, (response) => {
console.log("done!!")
resolve()
})
.on("error", (err) => {
reject(err)
})
})
}
downloadFile(
"https://ga.jspm.io/npm:@tanstack/react-query@4.28.0/build/lib/",
"."
)
When executing this script iteratively between 3 and 10 times, it consistently encounters the ERR_TLS_CERT_ALTNAME_INVALID error at least once.
Error:
┗➜ node test.mjs
node:internal/process/promises:288
triggerUncaughtException(err, true /* fromPromise */);
^
Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: ga.jspm.io. is not in the cert's altnames: DNS:*.rbxcdn.com, DNS:*.cachefly.net, DNS:rbxcdn.com
at new NodeError (node:internal/errors:405:5)
at Object.checkServerIdentity (node:tls:337:12)
at TLSSocket.onConnectSecure (node:_tls_wrap:1610:27)
at TLSSocket.emit (node:events:517:28)
at TLSSocket._finishInit (node:_tls_wrap:1017:8)
at ssl.onhandshakedone (node:_tls_wrap:803:12) {
reason: "Host: ga.jspm.io. is not in the cert's altnames: DNS:*.rbxcdn.com, DNS:*.cachefly.net, DNS:rbxcdn.com",
host: 'ga.jspm.io',
cert: {
subject: [Object: null prototype] {
C: 'US',
ST: 'Illinois',
L: 'Chicago',
O: 'Cachenetworks, LLC',
CN: '*.rbxcdn.com'
},
issuer: [Object: null prototype] {
C: 'BE',
O: 'GlobalSign nv-sa',
CN: 'GlobalSign ECC OV SSL CA 2018'
},
subjectaltname: 'DNS:*.rbxcdn.com, DNS:*.cachefly.net, DNS:rbxcdn.com',
infoAccess: [Object: null prototype] {
'CA Issuers - URI': [ 'http://secure.globalsign.com/cacert/gseccovsslca2018.crt' ],
'OCSP - URI': [ 'http://ocsp.globalsign.com/gseccovsslca2018' ]
},
ca: false,
bits: 256,
pubkey: Buffer(65) [Uint8Array] [
4, 36, 195, 143, 223, 247, 241, 105, 215, 31, 88,
62, 110, 16, 159, 111, 13, 104, 244, 232, 67, 160,
139, 230, 17, 232, 245, 112, 11, 42, 182, 130, 55,
11, 122, 84, 60, 26, 110, 46, 178, 191, 48, 160,
82, 238, 14, 101, 81, 245, 43, 49, 18, 95, 60,
77, 88, 0, 116, 26, 22, 38, 49, 11, 67
],
asn1Curve: 'prime256v1',
nistCurve: 'P-256',
valid_from: 'Nov 18 00:01:02 2022 GMT',
valid_to: 'Dec 20 00:01:01 2023 GMT',
fingerprint: 'C3:6F:4B:5C:0E:DB:55:7A:5A:10:E5:90:29:43:77:09:6F:50:86:EE',
fingerprint256: '3B:CB:25:DA:E0:3F:55:9F:8D:57:CA:31:C7:17:12:7F:21:BE:5A:A5:BB:2A:FA:E5:48:6A:4D:30:D4:22:86:1F',
fingerprint512: 'CC:45:2B:E9:7D:F5:B1:82:ED:71:C8:5C:FC:DA:30:6F:D3:90:E7:A0:79:98:47:26:9D:E6:1C:91:1C:CD:18:B9:A8:42:98:3E:70:A9:73:AA:A9:AF:FF:7C:24:A9:24:28:D1:0A:30:A2:7D:99:1C:5D:9D:A9:8B:4C:C3:EF:28:6D',
ext_key_usage: [ '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2' ],
serialNumber: '24804D6D2C53D7B3D62BFE06',
raw: Buffer(1269) [Uint8Array] [
48, 130, 4, 241, 48, 130, 4, 119, 160, 3, 2, 1,
2, 2, 12, 36, 128, 77, 109, 44, 83, 215, 179, 214,
43, 254, 6, 48, 10, 6, 8, 42, 134, 72, 206, 61,
4, 3, 3, 48, 80, 49, 11, 48, 9, 6, 3, 85,
4, 6, 19, 2, 66, 69, 49, 25, 48, 23, 6, 3,
85, 4, 10, 19, 16, 71, 108, 111, 98, 97, 108, 83,
105, 103, 110, 32, 110, 118, 45, 115, 97, 49, 38, 48,
36, 6, 3, 85, 4, 3, 19, 29, 71, 108, 111, 98,
97, 108, 83, 105,
... 1169 more items
],
issuerCertificate: {
subject: [Object: null prototype] {
C: 'BE',
O: 'GlobalSign nv-sa',
CN: 'GlobalSign ECC OV SSL CA 2018'
},
issuer: [Object: null prototype] {
OU: 'GlobalSign ECC Root CA - R5',
O: 'GlobalSign',
CN: 'GlobalSign'
},
infoAccess: [Object: null prototype] {
'OCSP - URI': [ 'http://ocsp2.globalsign.com/rootr5' ]
},
ca: true,
bits: 384,
pubkey: Buffer(97) [Uint8Array] [
4, 195, 161, 17, 141, 101, 35, 225, 150, 225, 187, 171,
166, 208, 3, 93, 79, 77, 237, 25, 15, 252, 113, 227,
132, 37, 21, 169, 181, 4, 206, 30, 45, 227, 126, 193,
248, 48, 106, 91, 27, 146, 60, 192, 68, 35, 61, 178,
47, 223, 157, 7, 138, 54, 210, 128, 150, 3, 102, 52,
225, 211, 153, 93, 213, 127, 1, 155, 161, 200, 250, 251,
109, 135, 85, 102, 110, 85, 229, 255, 85, 226, 6, 161,
104, 117, 187, 178, 227, 107, 243, 67, 19, 180, 108, 93,
160
],
asn1Curve: 'secp384r1',
nistCurve: 'P-384',
valid_from: 'Nov 21 00:00:00 2018 GMT',
valid_to: 'Nov 21 00:00:00 2028 GMT',
fingerprint: '95:3E:42:EE:8D:62:7C:ED:52:B9:6A:DF:C0:22:26:B5:DE:13:04:17',
fingerprint256: '87:C7:15:53:44:5E:B3:C3:3C:3E:07:10:71:1B:99:E9:C7:77:3F:04:D9:1A:C3:8A:9F:4C:08:2E:E2:41:01:EA',
fingerprint512: '3C:9A:6B:69:B7:A0:F1:98:E3:EB:19:82:56:8A:97:50:DD:DA:73:83:39:06:EF:EE:76:4D:E7:7D:FF:19:C2:E6:56:73:29:9B:9E:9C:0F:30:E2:42:98:3F:13:67:9B:D8:F8:B3:D0:CF:8C:FE:77:59:58:64:CE:76:30:B2:7F:01',
serialNumber: '01EE5F2295424905F90191A8DC',
raw: Buffer(774) [Uint8Array] [
48, 130, 3, 2, 48, 130, 2, 137, 160, 3, 2, 1,
2, 2, 13, 1, 238, 95, 34, 149, 66, 73, 5, 249,
1, 145, 168, 220, 48, 10, 6, 8, 42, 134, 72, 206,
61, 4, 3, 3, 48, 80, 49, 36, 48, 34, 6, 3,
85, 4, 11, 19, 27, 71, 108, 111, 98, 97, 108, 83,
105, 103, 110, 32, 69, 67, 67, 32, 82, 111, 111, 116,
32, 67, 65, 32, 45, 32, 82, 53, 49, 19, 48, 17,
6, 3, 85, 4, 10, 19, 10, 71, 108, 111, 98, 97,
108, 83, 105, 103,
... 674 more items
],
issuerCertificate: <ref *1> {
subject: [Object: null prototype] {
OU: 'GlobalSign ECC Root CA - R5',
O: 'GlobalSign',
CN: 'GlobalSign'
},
issuer: [Object: null prototype] {
OU: 'GlobalSign ECC Root CA - R5',
O: 'GlobalSign',
CN: 'GlobalSign'
},
ca: true,
bits: 384,
pubkey: Buffer(97) [Uint8Array] [
4, 71, 69, 14, 150, 251, 125, 93, 191, 233, 57, 209,
33, 248, 159, 11, 182, 213, 123, 30, 146, 58, 72, 89,
28, 240, 98, 49, 45, 192, 122, 40, 254, 26, 167, 92,
179, 182, 204, 151, 231, 69, 212, 88, 250, 209, 119, 109,
67, 162, 192, 135, 101, 52, 10, 31, 122, 221, 235, 60,
51, 161, 197, 157, 77, 164, 111, 65, 149, 56, 127, 201,
30, 132, 235, 209, 158, 73, 146, 135, 148, 135, 12, 58,
133, 74, 102, 159, 157, 89, 147, 77, 151, 97, 6, 134,
74
],
asn1Curve: 'secp384r1',
nistCurve: 'P-384',
valid_from: 'Nov 13 00:00:00 2012 GMT',
valid_to: 'Jan 19 03:14:07 2038 GMT',
fingerprint: '1F:24:C6:30:CD:A4:18:EF:20:69:FF:AD:4F:DD:5F:46:3A:1B:69:AA',
fingerprint256: '17:9F:BC:14:8A:3D:D0:0F:D2:4E:A1:34:58:CC:43:BF:A7:F5:9C:81:82:D7:83:A5:13:F6:EB:EC:10:0C:89:24',
fingerprint512: '22:D9:4D:FA:10:7A:BA:9A:55:6B:4A:B6:57:AE:07:2F:B5:A6:7E:77:68:23:1D:75:DB:4E:BF:B6:3B:8D:E6:D4:17:F4:7D:66:A2:E0:CB:6C:96:EE:D4:82:75:6A:B8:17:2A:7F:7A:9A:F3:76:0C:7D:F9:99:7F:9F:12:C4:BE:4D',
serialNumber: '605949E0262EBB55F90A778A71F94AD86C',
raw: Buffer(546) [Uint8Array] [
48, 130, 2, 30, 48, 130, 1, 164, 160, 3, 2, 1,
2, 2, 17, 96, 89, 73, 224, 38, 46, 187, 85, 249,
10, 119, 138, 113, 249, 74, 216, 108, 48, 10, 6, 8,
42, 134, 72, 206, 61, 4, 3, 3, 48, 80, 49, 36,
48, 34, 6, 3, 85, 4, 11, 19, 27, 71, 108, 111,
98, 97, 108, 83, 105, 103, 110, 32, 69, 67, 67, 32,
82, 111, 111, 116, 32, 67, 65, 32, 45, 32, 82, 53,
49, 19, 48, 17, 6, 3, 85, 4, 10, 19, 10, 71,
108, 111, 98, 97,
... 446 more items
],
issuerCertificate: [Circular *1]
}
}
},
code: 'ERR_TLS_CERT_ALTNAME_INVALID'
}
Node.js v18.18.0
It appears to me that the load balancer intermittently redirects to a broken endpoint.
It appears the issue has been resolved? We implemented a more robust retry mechanism on our end and are no longer seeing any retries. From our perspective, everything looks good!
I was informed by CacheFly that due to their stability issues yesterday (https://www.cacheflystatus.com/) they had setup a temporary routing at this POP, and that temporary route had not yet been deactivated. Thanks for reporting back on this.
Since today I am encountering a recurring error when attempting to fetch from our CI resources from the ga.jspm.io.
Example: https://ga.jspm.io/npm:@tanstack/query-core@4.36.1/build/lib/index.mjs.map
Error: Error [ERR_TLS_CERT_ALTNAME_INVALID]: Hostname/IP does not match certificate's altnames: Host: ga.jspm.io. is not in the cert's altnames: DNS:.rbxcdn.com, DNS:.cachefly.net, DNS:rbxcdn.com
Has this somthing with the transition to CacheFly CDN??