<https://servo-buildbot.pub.build.mozilla.org/> gives an untrusted connection error because its cert is issued for secure.pub.build.mozilla.org.
It's not available on https, and since we have so many vhosts and a finite number of IPs, we host several sites on the same IP. So the cert served by :443 isn't for this particular vhost (it's probably for secure.pub.b.m.o). httpseverywhere is pretty fundamentally broken, imho -- the assumption that it can just randomly change the protocol for a site and expect it to work is pretty bogus. But it's what we've got. Anyway, maybe WebOps has a way of dealing with this?
The current certificate for that VIP is: Issuer: C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA Subject: C=US, ST=CA, L=Mountain View, O=Mozilla Foundation, CN=secure.pub.build.mozilla.org X509v3 Subject Alternative Name: DNS:secure.pub.build.mozilla.org Is it worth reissuing the DigiCert certificate to include a new SAN for servo-buildbot?
I thought this bug had been closed; we no longer use this domain, so there probably isn't a need.
Thanks for the update!