Hi Willy, Recently, you updated the SSL certificate of haproxy.org, git.haproxy.org, ... to a new certificate from StartSSL.
Unfortunately, recently, there was an incident of several misissued certificates by this CA as well as shady business decisions involving WoSign which resulted in Chrome [1] and Firefox [2] no longer trusting the CA's root certificates with their next respective releases. Apple has revoked trust to certificates issued after December 1 [3] which just barely doesn't affect the current cert. I have found no statement by Microsoft. With the next release of Firefox and Chrome, users using the https versions of the websites will thus receive a strongly worded error similar to other TLS errors involving invalid certificates. I'd thus recommend to update the certificate again and use a more trusted CA. With Let's Encrypt being widely supported, well automateable and also free, I'd recommend this one. Best, Holger [1] https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html [2] https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/ [3] https://support.apple.com/en-us/HT202858