Custom domains on GitHub Pages gain support for HTTPS (opens in new tab)

(blog.github.com)

174 pointsmlitwiniuk8y ago40 comments

40 comments

30 comments · 10 top-level

myroon58y ago· 7 in thread

HTTPS does work for my site now, but I get this warning:

Your connection is not secure / Your connection is not private

Error code: SSL_ERROR_BAD_CERT_DOMAIN (Firefox)

NET::ERR_CERT_COMMON_NAME_INVALID (Chrome)

Trying adding the A records as described here:

https://help.github.com/articles/setting-up-an-apex-domain/

Will update if that works..

bad_user8y ago

This is because they have to check your A records and generate the certificate and from my observations that happens when you add the custom domain.

After I've set the A records, I removed the custom domain from GitHub's Settings and then re-added it.

It started working afterwards.

Philipp__8y ago

I did that, and still not working. After setting A records, re-entering custom domain and waiting for few minutes, I get this message in Settings of GH-pages `Domain's DNS record could not be retrieved`. Bummer. Maybe I was to eager to remove Cloudflare from the equation.

city418y ago

I get that warning if I go to https://mycustomdomain.com but I don't if I go to https://www.mycustomdomain.com

fladd8y ago

I contacted GitHub support about this already. I hope this gets resolved soon.

2 more replies

epberry8y ago

Same here. Redirect from http -> https works fine tho.

fladd8y ago

It is the same for my domain. Seems to be a bug.

Philipp__8y ago

Same here.

sinistersnare8y ago· 5 in thread

I use Cloudflare to get HTTPS on my github pages site, and I really like it. I get a lot of control over cached content and security, and statistics about site traffic. I am kind of happy that GitHub did not support HTTPS for custom domains, because then I would not have learned how to use Cloudflare.

bad_user8y ago

Cloudflare's HTTPS certificate is shared, which means that your website will share it with other dubious websites.

I'm looking at a website on which I have Cloudflare enabled and my certificate is being shared with about 24 other domains. For somebody that knows what HTTPS is about and what it protects against, that's not acceptable. We only accepted it because we find it as being a reasonable compromise given the alternative.

So why isn't Cloudflare generating Lets Encrypt certificates, instead of these shared ones? Given their fast response in pursuing other endeavors, my guess is that they need incentives for people to move to their business plans.

Therefore I'm glad that GitHub Pages can have HTTPS enabled for custom domains. It means I can now turn off CloudFlare.

I'm so glad in fact that I started paying GitHub for a $7 account, even though I don't currently have a need for private repos.

manigandham8y ago

What's unacceptable? There's nothing insecure about sharing a certificate among multiple hostnames.

Also you can get a dedicated certificate on the free plan for $5/month.

1 more reply

dannyw8y ago

What exactly is the problem? Amazon does the same as well, I believe.

The private keys are never given to you, or other sites. It is all within Cloudflare’s edge.

minimaxir8y ago

I use Cloudflare on my GitHub pages site, but never saw a HTTPS option. How do you enable that? (and now with GitHub providing certs, is it a better idea to use theirs?)

aaomidi8y ago

Cloudflare's dynamic https would add https on the USER->Cloudflare side of communications.

vinhboy8y ago· 2 in thread

My site says "Unavailable for your site because your domain is not properly configured to support HTTPS", but I don't see instructions to resolve it?

Spazer8y ago

If your site is configured with A records, you’ll need to change the IPs it’s pointing to before you’ll be able to get a cert:

185.199.108.153 185.199.109.153 185.199.110.153 185.199.111.153

From: https://help.github.com/articles/setting-up-an-apex-domain/

EDIT: You’ll also need to remove and re-add the domain in the repository settings after doing that too to trigger it to request a cert.

myroon58y ago

Can you expand on how to perform the steps added in your edit? Thanks!

1 more reply

modernerd8y ago· 2 in thread

Can you host multiple HTTPS sites at different domains from one GitHub account?

Spazer8y ago

You get a site per repository!

nickcannariato8y ago

Yep! This is absolutely possible.

pards8y ago· 2 in thread

Too little, too late.

I moved my repo to GitLab pages after Google announced it would prioritise sites that support HTTPS in its search results.

majewsky8y ago

You're wildly underestimating how difficult it is to roll out such a change in a backwards-compatible way. It's not like Github did this today after neglecting the feature request for years; they've been on public record at least many months ago saying that they were working on it.

Even if only 1% of users were unable to access a site after the switch to HTTPS, the amount of calls to Github support would be massive.

tony1018y ago

> "It's not like Github did this today after neglecting the feature request for years"

https://github.com/isaacs/github/issues/156

Cyberdog8y ago· 1 in thread

I've been doing HTTPS on hosted domains for years, and I don't really get how it works in this case. Is it that you don't use your own certificate, but GitHub automatically generates one with Let's Encrypt for you? If not, then how exactly do you give GitHub your cert? The instructions seem vague on this.

sattoshi8y ago

You check a checkbox and they generate a cert for your domain. Simple.

jscholes8y ago· 1 in thread

Could this be related to Google's recent announcement of the .app TLD with mandatory HTTPS[0]?

[0]: https://www.blog.google/topics/developers/introducing-app-mo...

JepZ8y ago

Very unlikely. Github is working on this since months/years [1] and it is much more likely they had to wait for wildcard support by let's encrypt plus a few weeks testing.

Googles announcement is much more along the lines of Progressive Web Apps (PWA) and Service Workers which require HTTPS [2].

[1]: https://github.com/isaacs/github/issues/156

[2]: https://developers.google.com/web/progressive-web-apps/check...

secure8y ago

This is great! Now, if only GitHub would be available via IPv6, that would remove the need for CloudFlare — not that I would necessarily remove CloudFlare, but I would feel better if my setup wasn’t dependent on it.

lostmsu8y ago

Hm, I get SSL_ERROR_NO_CYPHER_OVERLAP in Firefox on https://stack.blogs.losttech.software/ , that is served from https://github.com/losttech/stack-blog via Cloudflare.

MightySCollins8y ago

Such a shame they quietly broke IPv6 support.

j / k navigate · click thread line to collapse

40 comments

30 comments · 10 top-level

myroon58y ago· 7 in thread

HTTPS does work for my site now, but I get this warning:

Your connection is not secure / Your connection is not private

Error code: SSL_ERROR_BAD_CERT_DOMAIN (Firefox)

NET::ERR_CERT_COMMON_NAME_INVALID (Chrome)

Trying adding the A records as described here:

https://help.github.com/articles/setting-up-an-apex-domain/

Will update if that works..

bad_user8y ago

This is because they have to check your A records and generate the certificate and from my observations that happens when you add the custom domain.

After I've set the A records, I removed the custom domain from GitHub's Settings and then re-added it.

It started working afterwards.

Philipp__8y ago

city418y ago

I get that warning if I go to https://mycustomdomain.com but I don't if I go to https://www.mycustomdomain.com

fladd8y ago

I contacted GitHub support about this already. I hope this gets resolved soon.

2 more replies

epberry8y ago

Same here. Redirect from http -> https works fine tho.

fladd8y ago

It is the same for my domain. Seems to be a bug.

Philipp__8y ago

Same here.

sinistersnare8y ago· 5 in thread

bad_user8y ago

Cloudflare's HTTPS certificate is shared, which means that your website will share it with other dubious websites.

Therefore I'm glad that GitHub Pages can have HTTPS enabled for custom domains. It means I can now turn off CloudFlare.

I'm so glad in fact that I started paying GitHub for a $7 account, even though I don't currently have a need for private repos.

manigandham8y ago

What's unacceptable? There's nothing insecure about sharing a certificate among multiple hostnames.

Also you can get a dedicated certificate on the free plan for $5/month.

1 more reply

dannyw8y ago

What exactly is the problem? Amazon does the same as well, I believe.

The private keys are never given to you, or other sites. It is all within Cloudflare’s edge.

minimaxir8y ago

I use Cloudflare on my GitHub pages site, but never saw a HTTPS option. How do you enable that? (and now with GitHub providing certs, is it a better idea to use theirs?)

aaomidi8y ago

Cloudflare's dynamic https would add https on the USER->Cloudflare side of communications.

vinhboy8y ago· 2 in thread

My site says "Unavailable for your site because your domain is not properly configured to support HTTPS", but I don't see instructions to resolve it?

Spazer8y ago

If your site is configured with A records, you’ll need to change the IPs it’s pointing to before you’ll be able to get a cert:

185.199.108.153 185.199.109.153 185.199.110.153 185.199.111.153

From: https://help.github.com/articles/setting-up-an-apex-domain/

EDIT: You’ll also need to remove and re-add the domain in the repository settings after doing that too to trigger it to request a cert.

myroon58y ago

Can you expand on how to perform the steps added in your edit? Thanks!

1 more reply

modernerd8y ago· 2 in thread

Can you host multiple HTTPS sites at different domains from one GitHub account?

Spazer8y ago

You get a site per repository!

nickcannariato8y ago

Yep! This is absolutely possible.

pards8y ago· 2 in thread

Too little, too late.

I moved my repo to GitLab pages after Google announced it would prioritise sites that support HTTPS in its search results.

majewsky8y ago

Even if only 1% of users were unable to access a site after the switch to HTTPS, the amount of calls to Github support would be massive.

tony1018y ago

> "It's not like Github did this today after neglecting the feature request for years"

https://github.com/isaacs/github/issues/156

Cyberdog8y ago· 1 in thread

sattoshi8y ago

You check a checkbox and they generate a cert for your domain. Simple.

jscholes8y ago· 1 in thread

Could this be related to Google's recent announcement of the .app TLD with mandatory HTTPS[0]?

[0]: https://www.blog.google/topics/developers/introducing-app-mo...

JepZ8y ago

Very unlikely. Github is working on this since months/years [1] and it is much more likely they had to wait for wildcard support by let's encrypt plus a few weeks testing.

Googles announcement is much more along the lines of Progressive Web Apps (PWA) and Service Workers which require HTTPS [2].

[1]: https://github.com/isaacs/github/issues/156

[2]: https://developers.google.com/web/progressive-web-apps/check...

secure8y ago

lostmsu8y ago

Hm, I get SSL_ERROR_NO_CYPHER_OVERLAP in Firefox on https://stack.blogs.losttech.software/ , that is served from https://github.com/losttech/stack-blog via Cloudflare.

MightySCollins8y ago

Such a shame they quietly broke IPv6 support.

j / k navigate · click thread line to collapse