Meta question about server cert at proxy.golang.org

With respect to this particular package, I'm not sure it is actually valid, but that's ok. I intend to refactor this to use a different package.  I'm more interested in the consequences of the error message.

I had started to see this error message when my k8s client code was connecting to some of our newer k8s clusters. In some cases, I would get that error.  I have since learned about adding the following block to my go.mod file:

This supposedly works around that problem (I'm not saying it "fixes" it).

In the case of "proxy.golang.org", I can get around that problem by putting "*.golang.org" into my "no_proxy", but I'm also wondering whether the server cert at "proxy.golang.org" actually is deficient with respect to this.

The other curious thing I've noticed is that I'm now having trouble repeating this problem with my k8s client code.  I tried commenting out that "godebug" block and rebuilding (hopefully forcing it to really rebuild everything) and connecting to the clusters that I thought I was seeing this with before, but now I can't get it to fail.

I was looking for more background on this situation, whatever you can provide.