As I mentioned on Github, I don't see those 404's (and I don't see how an HTTP domain that doesn't redirect to https:// can possibly result in an SSL certificate error), but regardless I've decided to use calibre's internal update notifier logic for that check anyway for separate reasons. It's a bit cleaner in terms of nested logic, and it is also future-proof as long as calibre maintains the same API which seems reasonable.
Note that calibre's internal update notifier logic embeds the private SSL certificate for that subdomain.
Code:
from calibre.gui2.update import get_newest_version
get_newest_version() # returns a tuple of the version from http://code.calibre-ebook.com/latest
...
On a side note. I've started gpg-signing my commits and tags, as well as the release archive (deterministically regenerated locally). So in case you wanted to check the PGP signature of this script -- which, since it just uses linux-installer.py, downloads and installs calibre without checking the PGP signature of calibre that is in fact available for checking -- you can now do that.
Regarding which, my PGP key fingerprint is:
Code:
BD27 B07A 5EF4 5C2A DAF7 0E04 8481 8A68 19AF 4A9B