Question

Which SSL endpoints are officially supported by Maven Central?

Answer

Only https://repo1.maven.org and https://repo.maven.apache.org/ are supported for TLS communication. While there are numerous legacy HTTP based URLs that have been used to access Maven Central and continue to reference the same CDN endpoints (such as http://central.maven.org) those legacy names have always been explicitly disallowed for SSL access, resulting in certificate validation warnings and returning a 403 response code.

If you're receiving a 403 response as below:

HTTP/2 403

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
  <head>
    <title>403 Use https://repo1.maven.org</title>
  </head>
  <body>
    <h1>Error 403 Use https://repo1.maven.org</h1>
    <p>Use https://repo1.maven.org</p>
    <h3>Guru Mediation:</h3>
    <p>Details: cache-mdw17373-MDW 1547484198 1713177789</p>
    <hr>
    <p>Varnish cache server</p>
  </body>
</html>

check your Maven settings for a block which may be overriding the default Central endpoint. Otherwise, if you are using a caching proxy such as Nexus, verify that the proxy is configured to use one of the canonical SSL endpoints described above to resolve the issue.