Our package repositories are hosted on S3, behind a cloudfront distribution with SSL support via AWS certificate manager.
The prerelease repository is straight S3, and therefore any https requests returns an S3 cert and likely the client fails due to name mismatch.
Our docs and repo definition files prefer https. When upgrading to a prerelease, its easy to encounter this issue. We need to add ssl support for the prerelease repo, or at least formally document it.
Setting up SSL would entail creating a cloudfront distribution for prerelease, since S3 is not integrated with ACM, per https://docs.aws.amazon.com/acm/latest/userguide/acm-services.html