Web server: json.schemastore.org serving wrong TLS cert (*.azurewebsites.net) — all schema fetches fail

[lachieh]

Area with issue?

Web server

✔️ Expected Behavior

HTTPS requests to https://json.schemastore.org/ should present a TLS certificate that is valid for the hostname json.schemastore.org, so that browsers, IDEs, and HTTP clients with normal certificate validation can fetch schemas (e.g. https://json.schemastore.org/eslintrc) without TLS errors.

❌ Actual Behavior

https://json.schemastore.org/ is currently serving the default Azure App Service certificate for *.azurewebsites.net instead of a certificate bound to json.schemastore.org. Every HTTPS client that performs standard certificate validation rejects the connection, so any tool that fetches schemas or the catalog from json.schemastore.org is broken.

schemastore.org and www.schemastore.org (served via GitHub Pages / Fastly) are unaffected — only the json. subdomain has the issue.

Reproduction

VS Code (real-world report from a user trying to load eslintrc):

Unable to load schema from 'https://json.schemastore.org/eslintrc': Not Found. The requested location could not be found.
Unable to connect to https://json.schemastore.org/eslintrc. Error: Hostname/IP does not match certificate's altnames: Host: json.schemastore.org. is not in the cert's altnames: DNS:*.azurewebsites.net

curl from the command line shows the same TLS verification failure:

$ curl -I https://json.schemastore.org/api/json/catalog.json
curl: (60) SSL: no alternative certificate subject name matches target host name 'json.schemastore.org'

Certificate observed (2026-04-27)

• Resolved IP: 168.62.224.13 (Azure App Service, North Central US)
• Subject: CN=*.azurewebsites.net, O=Microsoft Corporation, L=Redmond, ST=WA, C=US
• Issuer: Microsoft Azure RSA TLS Issuing CA 08
• Not Before: Apr 12 14:55:04 2026 GMT
• Not After: Aug 25 23:59:59 2026 GMT
• SANs: *.azurewebsites.net, *.scm.azurewebsites.net, *.sso.azurewebsites.net, *.northcentralus-01.azurewebsites.net, *.scm.northcentralus-01.azurewebsites.net, *.sso.northcentralus-01.azurewebsites.net, *.northcentralus.c.azurewebsites.net, *.scm.northcentralus.c.azurewebsites.net, *.sso.northcentralus.c.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net

None of the SANs cover json.schemastore.org, so the cert is the Azure platform default rather than a domain-bound cert.

JSON, YAML, or TOML file that does not work.

All of the schemas will fail to load until this is resolved.

IDE or code editor.

I'm using VSCode, but any consumer that validates TLS will fail to fetch schemas from json.schemastore.org until the cert is fixed. Disabling TLS verification is not an acceptable workaround for downstream users.

[madskristensen]

This should now be fixed

[madskristensen]

Btw, everyone should use www. instead of json. subdomains for accessing anything on schemastore.org. If you have any hardcoded values pointing to json., then replace it now with www.