Check the SSL cert of the JDS. The cert could have expired and has been renewed automatically.

@gda

I check my webserver.cer :

******@jds:/usr/local/jds/certs$ openssl x509 -inform der -in webserver.cer -noout -text
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891666952 (0x3525c208)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=****** ******* JSS Built-in Certificate Authority
        Validity
            Not Before: Oct 25 10:00:11 2017 GMT
            Not After : Oct 26 10:00:11 2018 GMT

Check also the Subject Alternative Name of the JDS cert.
I think during the renewel process the JDS cert is now invalid because the cert doen't have a Subject Alternative Name for your JDS, only for your JSS.

There is a subject alternative name for the JSS only :

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 891666952 (0x3525c208)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=***** **** JSS Built-in Certificate Authority
        Validity
            Not Before: Oct 25 10:00:11 2017 GMT
            Not After : Oct 26 10:00:11 2018 GMT
        Subject: O=***** *******, OU=JAMF Distribution Server, CN=jds.*****.fr
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:

                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                5E:E0:0D:95:B9:43:01:7D:EB:36:57:C5:C4:46:47:15:78:5F:AB:41
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:casper.*****.fr, DNS:*.casper.****.fr
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:https://casper.*****.fr:8443//CA/JAMFCRLServlet

            X509v3 Authority Key Identifier: 
                keyid:AF:AA:D0:90:EE:70:EF:0E:FE:5F:7C:29:2D:2F:62:B3:E4:26:D9:3D

    Signature Algorithm: sha256WithRSAEncryption

And thats the issue. When you try to open the JDS URL from the logs you got, then your browser should reject the certificate. Safari returns a message stating, that the remote server pretends to be your JDS, but in fact, the cert says something different.

So currently I don't know a way to get a cert for the JDS with the correct SAN.

I run in to the same issue several months ago and I had to switch to a file DP with https access. :(

I have to switch too but we have multiple remote sites, cloud solutions seems to be the right answer.

@rquinquis

It sounds like you may be running into PI-004248.

Please get in touch with support if you haven't already so they can take a look and either verify or rule out PI-004248 and, if it's determined this is what you're seeing, implementing the workaround to get it going again.

Also, please be aware that the JDS is in End of Life status and will be discontinued at the end of 2017 so when you contact support, it may be worth discussing getting switched over to alternative file distribution methods if you’ve not already decided on what the plan is for your environment.

Jamf no longer recommends using the JDS and support for it will eventually be discontinued.

Thanks!
Were Wulff
Jamf Customer Experience