question

Dom-0655 avatar image
0 Votes"
Dom-0655 asked ryanchill commented

Invalid Certificate for myget.org

Hi there,

Does anybody know if Microsoft owns the domain myget.org? One of our Azure Pipelines build processes uses this domain, but the build is failing with the following error: "Unable to load the service index for source https://dotnet.myget.org/F/aspnetcore-dev/api/v3/index.json. The SSL connection could not be established. The remote certificate is invalid according to the validation procedure." Browsing to dotnet.myget.org in a browser does indeed flag up the fact that the certificate is invalid.

Looking at the certificate, it's been issued to *.oneroute.microsoft.com but, of course, the URL of the site (myget.org) doesn't match. I'm guessing this is why the certificate is invalid. (The certificate's "valid from/to" dates are also a little misleading, until you realise that a "valid to" date of 03/09/2021 is 3rd September 2021, and not 9th March 2021.) Due to the certificate being issued to Microsoft, I've assumed that the myget.org domain is a Microsoft-owned site, and it would be Microsoft's responsibility to update the certificate.

To that end, I raised a support ticket in Azure, but the impression I got from the support engineer is that he didn't recognise the fact that Microsoft needs to update the certificate. I've asked for confirmation from him that Microsoft owns the site (and hence, they'd need to update the certificate) but so far I've had no response.

So I asked @AzureSupport the same question on Twitter, and they simply directed me to this site to ask the question

Am I going mad, or am I right in thinking it's Microsoft who should be updating the certificate for myget.org? Thanks in advance!

azure-webapps-ssl-certificates
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

brtrach-MSFT avatar image
0 Votes"
brtrach-MSFT answered Dom-0655 commented

@Dom-0655 Thank you for your question.

As of December 16th, 2020, dotnet.myget.org was retired. This is why you are encountering certificate issues.

The recommendation going forward is to use Azure Artifacts.

Please let us know if you have any further questions or concerns and we would be happy to address them.


· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the reply!

The Azure engineer found the same thing, and between us we figured it out.

He recommended adding a NuGet.Config file to the solution, which specified different package sources other than dotnet.myget.org, and updating the YAML file to use that.

Worked a treat. Thanks again.

0 Votes 0 ·
DavidPrez-2398 avatar image
0 Votes"
DavidPrez-2398 answered ryanchill commented

Hi! I'm facing the same issue. I got <add key="dotnet-core" value="https://www.myget.org/F/dotnet-core/api/v3/index.json" />, but I wonder what should I use now? Thanks!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

You won't be able to use myget.org/F/dotnet-core as it's been deprecated. You can follow https://github.com/dotnet/runtime/blob/main/docs/project/dogfooding.md on how to add package source for the daily builds.

0 Votes 0 ·