Instantly share code, notes, and snippets.

Embed
What would you like to do?
Github Pages: Let's Encrypt!

Please petition Github to support HTTPS on github pages: https://github.com/contact

Here's what I wrote:

Obviously, a lot of people want HTTPS for github pages:

Until recently, that would be difficult to implement but, as it turns out, the implementation is pretty much complete:

I'm a freelancer, so I've got time and I'd love to help out in any way I can (I'd even come work for you at a substandard rate) if we could get this implemented by Let's Encrypt launch day.

You can also send a message to support@github.com

@benhutchins

This comment has been minimized.

benhutchins commented Nov 27, 2015

You're a freelancer that has spare time?

... I don't think you're doing it right.

+1 to https support for custom domains on github pages!

@qw3rtman

This comment has been minimized.

qw3rtman commented Nov 27, 2015

πŸ‘

@imbriaco

This comment has been minimized.

imbriaco commented Nov 27, 2015

This is a lot more complex than you seem to think. Obtaining a certificate is easy. Storing and handling hundreds of thousands or millions of them securely is decidedly not. Determining how that interacts with the CDN that fronts traffic to Pages, and dealing with securely distributing certificates is also far from trivial. And that's just a couple of factors that immediately come to mind.

Your best bet is to use a service like Cloudflare to front-end your free GitHub Pages site if you really require SSL.

@kevindeasis

This comment has been minimized.

kevindeasis commented Nov 27, 2015

+1 There must be a better way than spamming Github's inbox for contact & support?

@leighmcculloch

This comment has been minimized.

leighmcculloch commented Nov 27, 2015

@coolaj86 you can use @cloudflare with a custom domain in front of @github pages. It works. I do this for https://github.com/leighmcculloch/5tweets.com which you can see SSL'd at https://5tweets.com.

@peckrob

This comment has been minimized.

peckrob commented Nov 27, 2015

@lucas This is technically correct, but Server Name Identification has solved that problem for some time now, and is supported in the very large majority of browsers. Basically, anything IE7 and newer, although it is not supported by some spiders.

https://en.wikipedia.org/wiki/Server_Name_Indication

@RHavar

This comment has been minimized.

RHavar commented Nov 27, 2015

So this won't happen, if you understand how https works you'll understand.

@lucas: Thanks for the condescending and outdated explanation. For the last 10 years we've had: https://en.wikipedia.org/wiki/Server_Name_Indication

And supported by everything except IE8 on Windows XP: http://caniuse.com/#feat=sni

@dheera

This comment has been minimized.

dheera commented Nov 27, 2015

@leighmcculloch @imbriaco Putting Cloudfare HTTPS in front of a HTTP URL isn't technically secure. The link between Cloudflare and Github will be unencrypted.

@RHavar

This comment has been minimized.

RHavar commented Nov 27, 2015

@dheera That's not quite right, you can (trivially) tell cloudflare to only fetch the data from github over https itself. The real security concern is that you probably would prefer if cloudflare wasn't in the middle.

@dheera

This comment has been minimized.

dheera commented Nov 27, 2015

@RHavar Oh, I didn't realize GitHub already supported HTTPS on its .github.io URLs. In that case, yes. And yes, CloudFlare is a security concern of itself.

@dtinth

This comment has been minimized.

dtinth commented Nov 27, 2015

Well, @cloudflare does support Full SSL (Strict) mode, which means the connections between your users and CloudFlare, and between CloudFlare and GitHub pages, are all encrypted.

And it comes down to trust. I trust both CloudFlare and GitHub, so I’m comfortable with that setup already.

@vinitkumar

This comment has been minimized.

vinitkumar commented Nov 27, 2015

@dtinth: I have the exact same configuration and I am pretty happy with it.

@lucas

This comment has been minimized.

lucas commented Nov 27, 2015

Thanks @peckrob, I wasn't familiar with SNI! That should make it much more feasible than I thought :)

Happy Thanksgiving guys

@charliesome

This comment has been minimized.

charliesome commented Nov 27, 2015

HTTPS on GitHub Pages is something I'd personally _love_ to see happen, and I've been keeping an eye on tech that will make this more viable than it might have been in the past - such as Let's Encrypt for certificate issuance and the ssl_certificate_by_lua feature of ngx_lua so we can dynamically serve up the right certificate based on the SNI hostname in the TLS handshake.

That said, there's still a bunch of really complex problems that mean this is still hard. We'd need to store a significant amount of highly sensitive key material as securely as possible while still allowing our Pages Frontends to look them up dynamically on every request. Currently we terminate TLS at our load balancer tier - we'd need to push that back into the Pages Frontend tier so that our router can do it dynamically. GitHub Pages is also currently fronted by a CDN which further complicates this problem.

I cannot promise anything or give any timeframe right now, but HTTPS on Pages is something that we've been thinking hard about for a while. We know how important HTTPS is - it's just one of those problems that's quite complex and requires a lot of time and great care to solve.

@tracker1

This comment has been minimized.

tracker1 commented Nov 27, 2015

I thought github.io used cloudflare as it stands... even then, if there is a peering connection directly https from cloudflare to github is probably is less of a concern.

@subinsebastien

This comment has been minimized.

subinsebastien commented Nov 27, 2015

"A freelancer with spare time" - I always wanted to be one! πŸ˜…

@as1ndu

This comment has been minimized.

as1ndu commented Nov 27, 2015

it already supports it!!! πŸ˜„ check out my blog https://as1ndu.github.io

@wnda

This comment has been minimized.

wnda commented Nov 27, 2015

DigitalOcean is not that expensive.

@sneak

This comment has been minimized.

sneak commented Nov 27, 2015

if you CNAME your domain on cloudflare to GitHub pages using a username.github.io domain, it sends the Host header of the custom domain and github doesn't serve it. the TLS on the username.github.io pages resultantly only works when you are using the *.github.io URL, not if you have cloudflare fronting different TLS.

the only way rn to make it work is to create a CNAME file and have GitHub serve unencrypted to cloudflare, which I don't find to be a problem as it's a static site.

@prdonahue

This comment has been minimized.

prdonahue commented Nov 27, 2015

@sneak, technically you could use a Page Rule to re-write the header (requires Enterprise plan, however): https://support.cloudflare.com/hc/en-us/articles/206652947-Using-Page-Rules-to-Re-Write-Host-Headers.

@NetRat

This comment has been minimized.

NetRat commented Dec 7, 2015

+1

@merikan

This comment has been minimized.

merikan commented Dec 21, 2015

+1

@AndersDJohnson

This comment has been minimized.

AndersDJohnson commented Dec 24, 2015

+1

@quicoto

This comment has been minimized.

quicoto commented Jan 7, 2016

+1

@drakmail

This comment has been minimized.

drakmail commented Jan 19, 2016

+1

@manzato

This comment has been minimized.

manzato commented Jan 26, 2016

+1

@reederz

This comment has been minimized.

reederz commented Jan 29, 2016

πŸ‘

@jack-mcgrath

This comment has been minimized.

jack-mcgrath commented Jan 30, 2016

+1

@DarrienG

This comment has been minimized.

DarrienG commented Jan 31, 2016

+1

@enjikaka

This comment has been minimized.

enjikaka commented Feb 1, 2016

πŸ‘

@lagseeing

This comment has been minimized.

lagseeing commented Feb 1, 2016

+1

@apo11oCreed

This comment has been minimized.

apo11oCreed commented Feb 3, 2016

+1

@davidsilvasmith

This comment has been minimized.

davidsilvasmith commented Feb 4, 2016

+1

@willin

This comment has been minimized.

willin commented Feb 5, 2016

+1

@eligrey

This comment has been minimized.

eligrey commented Feb 5, 2016

πŸ‘

@cben

This comment has been minimized.

cben commented Feb 9, 2016

@charliesome If HTTPS on custom domains is hard, perhaps start by officially supporting HTTPS on *.github.io?
That uses just one wildcart cert, avoiding most of the complexity, and it fact that already works;
IIUC the only missing piece is that it's currently insecure between GitHub and your CDN?

@suvozit

This comment has been minimized.

suvozit commented Feb 10, 2016

🍺

@zixia

This comment has been minimized.

zixia commented Feb 20, 2016

πŸ‘

@dpjanes

This comment has been minimized.

dpjanes commented Feb 21, 2016

+1

@connor-baer

This comment has been minimized.

connor-baer commented Feb 21, 2016

πŸ‘

@RaviTezu

This comment has been minimized.

RaviTezu commented Feb 24, 2016

+1

@mohebifar

This comment has been minimized.

mohebifar commented Feb 25, 2016

πŸ‘

@rzeidler

This comment has been minimized.

rzeidler commented Feb 29, 2016

πŸ‘

@dalbelap

This comment has been minimized.

dalbelap commented Mar 3, 2016

πŸ‘

@daniellmb

This comment has been minimized.

daniellmb commented Mar 3, 2016

πŸ‘

@nubela

This comment has been minimized.

nubela commented Mar 7, 2016

Full disclosure: I work at Kloudsec.

Kloudsec auto-provisions and auto-renews LetsEncrypt certs for Github Pages with custom domains. See Kloudsec for Github Pages.

Kloudsec is a minimal CDN (open) platform. As an open platform, we implemented LetsEncrypt CA to auto-provision/auto-renew SSL certs. Just enable the One-click Encryption plugin.

To use, you only need to update your custom domain DNS records to point to our CDN's IP address. (Unlike Cloudflare, you can keep your nameservers)


Simply, Kloudsec for Github Pages solve the 2 biggest issues with custom domains on GIthub pages:

  1. No CDN support for apex domains
  2. No HTTPS for custom domains

You also get all the other plugins for free:

  • Page Optimizer (Pagespeed optimisations)
  • Service Doctor (Performance Analytics)

We have a public Telegram chat group for Kloudsec if you need help

@DerfOh

This comment has been minimized.

DerfOh commented Mar 8, 2016

πŸ‘

@mozey

This comment has been minimized.

mozey commented Mar 8, 2016

+1

@stefek99

This comment has been minimized.

stefek99 commented Mar 8, 2016

Internet is a small place.

Literally Today I've received an email from @nubela

Anyways, I found that Github Page at stefek99/htmlshell has a custom domain, and I was wondering if I can help you get it to HTTPS with a LetsEncrypt cert? (for free, of course!)

I work at Kloudsec (a free and minimal CDN for programmers) and I just built this tool to provision LetsEncrypt certs for github pages.

I wasn't sold on on CDN offering as GitHub pages are already using CDN but now... Searching for let's encrypt github pages leads me here and I see the Kloudsec again :)

Yep, internet is a small place.

@DerfOh

This comment has been minimized.

DerfOh commented Mar 9, 2016

@stefek99 Same here but I plus one'd the page too, I'm thinking there is some sort of bot watching this page or something...

@vukor

This comment has been minimized.

vukor commented Mar 10, 2016

+1

@metaskills

This comment has been minimized.

metaskills commented Mar 11, 2016

Well, I got the email too from Kloudsec and found this link. It does work really well. Got https://metaskills.net all setup in a few minutes. Two easy DNS records and it worked like a champ. I did get SSL warnings for the first half hour or so, but smoothed out eventually.

@victorperin

This comment has been minimized.

victorperin commented Mar 11, 2016

πŸ‘

@holys

This comment has been minimized.

holys commented Mar 12, 2016

@nubela thank you !

@elmariofredo

This comment has been minimized.

elmariofredo commented Mar 14, 2016

πŸ‘

@janschultecom

This comment has been minimized.

janschultecom commented Mar 16, 2016

+1

@hacdias

This comment has been minimized.

hacdias commented Mar 16, 2016

+1

@itzo

This comment has been minimized.

itzo commented Mar 19, 2016

+1

@PG2000

This comment has been minimized.

PG2000 commented Mar 20, 2016

+1

@ehhthing

This comment has been minimized.

ehhthing commented Mar 26, 2016

+1
PLEASE.

@luxifer

This comment has been minimized.

luxifer commented Mar 29, 2016

πŸ‘

@Josh-a-e

This comment has been minimized.

Josh-a-e commented Mar 30, 2016

πŸ‘

@cielpy

This comment has been minimized.

cielpy commented Mar 31, 2016

image

@begriffs

This comment has been minimized.

begriffs commented Apr 3, 2016

πŸ‘

@azizur

This comment has been minimized.

azizur commented Apr 3, 2016

πŸ‘

@azizur

This comment has been minimized.

azizur commented Apr 3, 2016

Everyone who has put a πŸ‘ on here should visit isaacs/github#156 and cast your vote on that issue.

@wongmjane

This comment has been minimized.

wongmjane commented Apr 12, 2016

πŸ‘

@claudijd

This comment has been minimized.

claudijd commented Apr 14, 2016

πŸ‘

@shea256

This comment has been minimized.

shea256 commented Apr 18, 2016

πŸ‘

@schickling

This comment has been minimized.

schickling commented Apr 20, 2016

+1

@ahaasler

This comment has been minimized.

ahaasler commented Apr 20, 2016

We need this! GitLab Pages supports it: https://gitlab.com/gitlab-org/gitlab-ee/issues/134

@tyteen4a03

This comment has been minimized.

tyteen4a03 commented Apr 22, 2016

Now that GitLab has it, I guess it's time to say goodbye to GitHub pages. They even have free private repos.

@nexocentric

This comment has been minimized.

nexocentric commented Apr 25, 2016

πŸ‘

@tinchou

This comment has been minimized.

tinchou commented Apr 26, 2016

You can use CloudFlare, they provide free DNS and free SSL. This guy has a good tutorial.

@samuelcolvin

This comment has been minimized.

samuelcolvin commented May 8, 2016

https://github.com/samuelcolvin/nginx-pages

Very cheap, open source alternative to github pages.

@cmelone

This comment has been minimized.

cmelone commented May 11, 2016

@robertoestivill

This comment has been minimized.

robertoestivill commented May 14, 2016

gitlab supports pages with ssl certificate out of private repos

@GreenTurtwig

This comment has been minimized.

GreenTurtwig commented May 30, 2016

πŸ‘ 🐱

@marianoviola

This comment has been minimized.

marianoviola commented May 31, 2016

πŸ‘

@BastinRobin

This comment has been minimized.

BastinRobin commented Jun 1, 2016

+1

@willin

This comment has been minimized.

willin commented Jun 2, 2016

+1

@mannysz

This comment has been minimized.

mannysz commented Jun 2, 2016

+1

@nhatbui

This comment has been minimized.

nhatbui commented Jun 4, 2016

+1000

@hypertexthero

This comment has been minimized.

hypertexthero commented Jun 4, 2016

Yes, please!

@taylorhakes

This comment has been minimized.

taylorhakes commented Jun 8, 2016

πŸ‘

@borehack

This comment has been minimized.

borehack commented Jun 10, 2016

πŸ‘ would be awesome

@sebasjm

This comment has been minimized.

sebasjm commented Jun 21, 2016

πŸ‘

@alexandergorskih

This comment has been minimized.

alexandergorskih commented Jun 22, 2016

+1

@kyledrake

This comment has been minimized.

kyledrake commented Jun 22, 2016

+1
neocitiesbackend

@mahmoudhossam

This comment has been minimized.

mahmoudhossam commented Jun 22, 2016

+1

@rajsite

This comment has been minimized.

rajsite commented Jun 23, 2016

πŸ‘ ✨ ✨

@evantahler

This comment has been minimized.

evantahler commented Jun 25, 2016

πŸ‘

@vuolter

This comment has been minimized.

vuolter commented Jun 26, 2016

😍

@tcasey

This comment has been minimized.

tcasey commented Jun 27, 2016

+1

@marcelinollano

This comment has been minimized.

marcelinollano commented Jun 29, 2016

πŸ‘

@damirkotoric

This comment has been minimized.

damirkotoric commented Jul 6, 2016

πŸ‘

@Oceanswave

This comment has been minimized.

Oceanswave commented Jul 6, 2016

πŸ‘

@kawa-marcin

This comment has been minimized.

kawa-marcin commented Jul 8, 2016

πŸ‘

@matiasgarciaisaia

This comment has been minimized.

matiasgarciaisaia commented Jul 11, 2016

For those reading about Kloudsec - it's shutting down on Aug 2016 :(

@hemache

This comment has been minimized.

hemache commented Jul 11, 2016

πŸ‘

@ewilliam

This comment has been minimized.

ewilliam commented Jul 12, 2016

πŸ‘

@geofftech

This comment has been minimized.

geofftech commented Jul 13, 2016

+1

@lightbeard

This comment has been minimized.

lightbeard commented Jul 14, 2016

+1

@markharding

This comment has been minimized.

markharding commented Jul 15, 2016

πŸ‘

@kajheijmans

This comment has been minimized.

kajheijmans commented Jul 19, 2016

+1

@mitjajez

This comment has been minimized.

mitjajez commented Jul 19, 2016

+1, i also wait Let's Encrypt @letsencrypt for IDN support

@tdurand

This comment has been minimized.

tdurand commented Jul 20, 2016

πŸ‘

@mayanez

This comment has been minimized.

mayanez commented Jul 24, 2016

+1

@lordring

This comment has been minimized.

lordring commented Jul 31, 2016

+1

@Ybrin

This comment has been minimized.

Ybrin commented Jul 31, 2016

+1

@bash

This comment has been minimized.

bash commented Aug 3, 2016

+1

@erickgirard

This comment has been minimized.

erickgirard commented Aug 5, 2016

+1

@TerenceTanWT

This comment has been minimized.

TerenceTanWT commented Aug 12, 2016

+1

@DirectorX

This comment has been minimized.

DirectorX commented Aug 13, 2016

+1

@leog

This comment has been minimized.

leog commented Aug 15, 2016

+1

@alexandrelucchesi

This comment has been minimized.

alexandrelucchesi commented Aug 16, 2016

+1

@dharness

This comment has been minimized.

dharness commented Aug 19, 2016

+1

@h0tbird

This comment has been minimized.

h0tbird commented Aug 27, 2016

+1

@martyanov

This comment has been minimized.

martyanov commented Aug 27, 2016

+1

@ojhaujjwal

This comment has been minimized.

ojhaujjwal commented Sep 1, 2016

+1

@vandoornum

This comment has been minimized.

vandoornum commented Sep 4, 2016

+1

@brettwise

This comment has been minimized.

brettwise commented Sep 6, 2016

Github Pages now support HTTPS out of the box: https://github.com/blog/2186-https-for-github-pages

@gleb-svechnikov

This comment has been minimized.

gleb-svechnikov commented Sep 7, 2016

+1

@guido4000

This comment has been minimized.

guido4000 commented Sep 11, 2016

@brettwise this is about custom domains

@nhantdn

This comment has been minimized.

nhantdn commented Sep 14, 2016

πŸ‘

@leksak

This comment has been minimized.

leksak commented Sep 14, 2016

+1

@samudary

This comment has been minimized.

samudary commented Sep 15, 2016

+1

@dkanbier

This comment has been minimized.

dkanbier commented Sep 15, 2016

+1

@aud

This comment has been minimized.

aud commented Sep 16, 2016

+1

@joejoinerr

This comment has been minimized.

joejoinerr commented Sep 16, 2016

+1

@protesilaos

This comment has been minimized.

protesilaos commented Sep 20, 2016

+1

@SurajVerma

This comment has been minimized.

SurajVerma commented Sep 21, 2016

+1

@Jared-Prime

This comment has been minimized.

Jared-Prime commented Sep 23, 2016

πŸ‘

@dwavid

This comment has been minimized.

dwavid commented Sep 24, 2016

+1

@romikoops

This comment has been minimized.

romikoops commented Sep 25, 2016

πŸ‘

@JikkuJose

This comment has been minimized.

JikkuJose commented Sep 30, 2016

πŸ‘

@ethagnawl

This comment has been minimized.

ethagnawl commented Oct 1, 2016

πŸ‘

@koppor

This comment has been minimized.

koppor commented Oct 8, 2016

Here the information on kloudsec's shutdown: https://www.reddit.com/r/webdev/comments/4s3kmf/got_an_email_saying_that_kloudsec_will_be/

As I feel unsecure about CloudFlare, I'm currently thinking to buy a 3$/month box at scaleway, use let's encrypt and nginx as proxy (http://serverfault.com/q/583374/107832 seems to be a good start for the configuration). Should be enough for low-traffic sites.

@adrw

This comment has been minimized.

adrw commented Oct 20, 2016

πŸ‘

@ngunner

This comment has been minimized.

ngunner commented Oct 21, 2016

+1

@george-black

This comment has been minimized.

george-black commented Oct 28, 2016

+1

@WendyStarfall

This comment has been minimized.

WendyStarfall commented Oct 29, 2016

πŸ‘

@konsolebox

This comment has been minimized.

konsolebox commented Oct 31, 2016

+1

@alsemyonov

This comment has been minimized.

alsemyonov commented Oct 31, 2016

+1

@wulfgarpro

This comment has been minimized.

wulfgarpro commented Nov 1, 2016

+1 for https on custom domains

@morugu

This comment has been minimized.

morugu commented Nov 9, 2016

+1

@leplatrem

This comment has been minimized.

leplatrem commented Nov 9, 2016

+1

@autophagy

This comment has been minimized.

autophagy commented Nov 12, 2016

+1

@ChristianMayer

This comment has been minimized.

ChristianMayer commented Nov 20, 2016

πŸ‘ HTTPS / SSL for a custom domain on GitHub Pages is really needed!

@hobson

This comment has been minimized.

hobson commented Nov 20, 2016

+1

@coollorenzo

This comment has been minimized.

coollorenzo commented Nov 22, 2016

+1

@barrosgeraldo

This comment has been minimized.

barrosgeraldo commented Nov 26, 2016

+1

@eppfel

This comment has been minimized.

eppfel commented Nov 28, 2016

πŸ‘

@jonmann20

This comment has been minimized.

jonmann20 commented Dec 1, 2016

+1

@bradbaris

This comment has been minimized.

bradbaris commented Dec 4, 2016

πŸ‘

@DanielMarquard

This comment has been minimized.

DanielMarquard commented Dec 6, 2016

+1

Github needs an API for managing certificates used with Github Pages!

@astorije

This comment has been minimized.

astorije commented Dec 11, 2016

πŸ‘

@lockie

This comment has been minimized.

lockie commented Dec 16, 2016

πŸ‘

@hoechenberger

This comment has been minimized.

hoechenberger commented Dec 18, 2016

+1

@tim-hub

This comment has been minimized.

tim-hub commented Dec 21, 2016

Github support

@dstroot

This comment has been minimized.

dstroot commented Dec 25, 2016

πŸ‘

@tjespe

This comment has been minimized.

tjespe commented Jan 1, 2017

+1

@proweb

This comment has been minimized.

proweb commented Jan 3, 2017

+1

@rflmyk

This comment has been minimized.

rflmyk commented Jan 4, 2017

+1

@Natim

This comment has been minimized.

Natim commented Jan 6, 2017

In the meantime I did use https://netlify.com/ to do so.

@byCedric

This comment has been minimized.

byCedric commented Jan 12, 2017

+1 @github, why not?

@managedkaos

This comment has been minimized.

managedkaos commented Jan 13, 2017

As stated earlier in the thread, there's overhead involved with handling certs for millions of sites.

For all the folks saying +1 to this, I wonder if you are paying users or using the free services as most of us are?

If you are using the service for free, would you be willing to pay guthub, say $1/month, to have your custom domain use HTTPS? Or even $5/yr to have custom domain on HTTPS?

I ask because I wonder if github did offer the service but charged for it, how many people would complain that they had to pay?

For the record, I use the services freely, I would appreciate having HTTPS on my custom domain, and yes, I would pay to have it.

@coreyward

This comment has been minimized.

coreyward commented Jan 20, 2017

@managedkaos β€”Β Yes I pay for Github. Yes I would pay additional for SSL. Selling my clients on $1 a month (or $20 a year for that matter) would be painless.

@stefek99

This comment has been minimized.

stefek99 commented Jan 25, 2017

Proper HTTPS for GitHub pages is something worth paying for.

@nicholasodonnell

This comment has been minimized.

nicholasodonnell commented Jan 28, 2017

+1

@WendyStarfall

This comment has been minimized.

WendyStarfall commented Jan 31, 2017

@managedkaos > I'm convinced that a growing number of users want private repositories for their GitHub pages with TLS for their custom domains and therefore adding that to the 'Personal plan' for US$ 7 per month could make sense. However as others already have mentioned, there are alternatives where either functionality is meanwhile provided cost-free.

I really enjoyed using GitHub (since 2011). It was super useful to me and I probably wouldn't mind paying. Students could make use of such functionality cost-free with the 'Student Developer Pack' because that already includes a one year SSL certificate.

@onlyangel

This comment has been minimized.

onlyangel commented Feb 4, 2017

+1

@laurawadden

This comment has been minimized.

laurawadden commented Feb 5, 2017

I would be willing to pay! I'm a free user right now, but I would pay upfront for the year and have it automatically renew.

@smaury

This comment has been minimized.

smaury commented Feb 6, 2017

+1

@alexsoble

This comment has been minimized.

alexsoble commented Feb 8, 2017

+1 :)

@mattes

This comment has been minimized.

mattes commented Feb 12, 2017

Not willing to pay for HTTPS in 2017. But def a +1.

If Squarespace can. Github can too!

At Squarespace, we believe we are responsible for providing a platform on which customers and their visitors can be assured a secure browsing experience.

https://engineering.squarespace.com/blog/2016/implementing-ssl-tls-for-all-squarespace-sites Let's encrypt all the way.

@nelyj

This comment has been minimized.

nelyj commented Feb 12, 2017

+1

@gtzilla

This comment has been minimized.

gtzilla commented Feb 14, 2017

I dunno if github reads this post and laughs or actually considers it when working on their product roadmap, but I would agree with all +1s and also say I would happily pay $5-12 a year to have SSL with a custom CNAME for a given domain.

@vittau

This comment has been minimized.

vittau commented Feb 14, 2017

+1!

@Aerlinger

This comment has been minimized.

Aerlinger commented Feb 15, 2017

+1

@rodolfoghi

This comment has been minimized.

rodolfoghi commented Feb 17, 2017

+1!
:)

@chicofilho

This comment has been minimized.

chicofilho commented Feb 20, 2017

+1

@paivaric

This comment has been minimized.

paivaric commented Feb 22, 2017

+1

@labynocle

This comment has been minimized.

labynocle commented Feb 22, 2017

+1 :)

@ianrenton

This comment has been minimized.

ianrenton commented Feb 23, 2017

+1. I am currently using CloudFlare to provide my GitHub Pages site over HTTPS on a custom domain - at least it looks secure as far as the user's browser is concerned. It would be great if GitHub Pages itself would support HTTPS on custom domains though.

@aykuxt

This comment has been minimized.

aykuxt commented Feb 24, 2017

+1 :)

@orarnoni

This comment has been minimized.

orarnoni commented Feb 26, 2017

+1

@chaseacton

This comment has been minimized.

chaseacton commented Feb 26, 2017

+1

@dimastopel

This comment has been minimized.

dimastopel commented Feb 26, 2017

+1

@jans23

This comment has been minimized.

jans23 commented Feb 27, 2017

+1

@xqus

This comment has been minimized.

xqus commented Mar 1, 2017

+1

@lsardinas

This comment has been minimized.

lsardinas commented Mar 2, 2017

+1

@peeyushsrj

This comment has been minimized.

peeyushsrj commented Mar 8, 2017

+1

@exeleon

This comment has been minimized.

exeleon commented Mar 8, 2017

+1

@MacKentoch

This comment has been minimized.

MacKentoch commented Mar 9, 2017

+1

@nextroop

This comment has been minimized.

nextroop commented Mar 11, 2017

+1

@Areso

This comment has been minimized.

Areso commented Mar 12, 2017

C'mon, GitHub, do it already!

@pedrorijo91

This comment has been minimized.

pedrorijo91 commented Mar 15, 2017

πŸ‘ +1

@enreeco

This comment has been minimized.

enreeco commented Mar 17, 2017

++

@lindenthal

This comment has been minimized.

lindenthal commented Mar 20, 2017

+1

@studiocoucou

This comment has been minimized.

studiocoucou commented Mar 20, 2017

+1

@dev4223

This comment has been minimized.

dev4223 commented Mar 22, 2017

+1

@simon-am

This comment has been minimized.

simon-am commented Mar 23, 2017

+1

@danielpetrica

This comment has been minimized.

danielpetrica commented Mar 26, 2017

πŸ‘

@tarpey

This comment has been minimized.

tarpey commented Mar 27, 2017

+1

@romanenko

This comment has been minimized.

romanenko commented Mar 28, 2017

Please, please, please! πŸ‘

@jvke

This comment has been minimized.

jvke commented Mar 28, 2017

πŸ‘

@diogocapela

This comment has been minimized.

diogocapela commented Mar 29, 2017

+1

@mutley

This comment has been minimized.

mutley commented Mar 29, 2017

+1

@morgan

This comment has been minimized.

morgan commented Mar 30, 2017

πŸ‘

@SamuelMarks

This comment has been minimized.

SamuelMarks commented Mar 31, 2017

FYI: Offered to implement it for them, they just replied with:

Hello Samuel,

We are very interested in adding HTTPS for custom pages, right now we are mostly waiting on our CDN provider to finish their end before we can move forward.

Regards,
Daniel
@danayel
GitHub Support

@bithavoc

This comment has been minimized.

bithavoc commented Apr 2, 2017

πŸ‘

@joshdrink

This comment has been minimized.

joshdrink commented Apr 3, 2017

+1

@gatezh

This comment has been minimized.

gatezh commented Apr 3, 2017

+1

@inka

This comment has been minimized.

inka commented Apr 3, 2017

+1

@kennyifraser

This comment has been minimized.

kennyifraser commented Apr 10, 2017

+1

@maksdampf

This comment has been minimized.

maksdampf commented Apr 11, 2017

+1

@adnphllps

This comment has been minimized.

adnphllps commented Apr 13, 2017

+1

@entipe

This comment has been minimized.

entipe commented Apr 14, 2017

+1

@jiaweizhang

This comment has been minimized.

jiaweizhang commented Apr 15, 2017

+1

@deimosfr

This comment has been minimized.

deimosfr commented Apr 16, 2017

+1

@danielwagn3r

This comment has been minimized.

danielwagn3r commented Apr 17, 2017

+1

@gsidhu

This comment has been minimized.

gsidhu commented Apr 18, 2017

+1

@JessedeJonge

This comment has been minimized.

JessedeJonge commented Apr 18, 2017

+1

@FooSoft

This comment has been minimized.

FooSoft commented Apr 23, 2017

+1

@vincentlaucy

This comment has been minimized.

vincentlaucy commented Apr 25, 2017

+1

@alvin319

This comment has been minimized.

alvin319 commented Apr 26, 2017

+1

@Sasoon

This comment has been minimized.

Sasoon commented May 1, 2017

+1

@ligi

This comment has been minimized.

ligi commented May 5, 2017

+1

@MateusAmin

This comment has been minimized.

MateusAmin commented May 8, 2017

May we get an update? Thanks in advance!

@arturkraft

This comment has been minimized.

arturkraft commented May 8, 2017

+1

@cbartlett

This comment has been minimized.

cbartlett commented May 9, 2017

πŸ‘

@gherkins

This comment has been minimized.

gherkins commented May 10, 2017

πŸ‘

@ckerr

This comment has been minimized.

ckerr commented May 11, 2017

+1

@another-guy

This comment has been minimized.

another-guy commented May 17, 2017

+1

@kalimatas

This comment has been minimized.

kalimatas commented May 29, 2017

πŸ‘

@clarketm

This comment has been minimized.

clarketm commented Jun 1, 2017

+1

@maximko

This comment has been minimized.

maximko commented Jun 2, 2017

+1

@kerim

This comment has been minimized.

kerim commented Jun 7, 2017

+1

@Billybobbonnet

This comment has been minimized.

Billybobbonnet commented Jun 7, 2017

πŸ‘

@linuxsec

This comment has been minimized.

linuxsec commented Jun 9, 2017

really need this

@Ales-Grcar

This comment has been minimized.

Ales-Grcar commented Jun 9, 2017

+1

@dhowe

This comment has been minimized.

dhowe commented Jun 23, 2017

+1

@mrcopy

This comment has been minimized.

mrcopy commented Jun 27, 2017

+1

@uglow

This comment has been minimized.

uglow commented Jun 29, 2017

+1

@lukas-h

This comment has been minimized.

lukas-h commented Jul 2, 2017

+1

@niryariv

This comment has been minimized.

niryariv commented Jul 3, 2017

+1

@meeDamian

This comment has been minimized.

meeDamian commented Jul 3, 2017

πŸ‘

@wgallop99

This comment has been minimized.

wgallop99 commented Jul 15, 2017

+1

@mcartagenah

This comment has been minimized.

mcartagenah commented Jul 18, 2017

+1

@Ascendens

This comment has been minimized.

Ascendens commented Jul 19, 2017

+1

@ayghor

This comment has been minimized.

ayghor commented Jul 21, 2017

+1

@equinusocio

This comment has been minimized.

equinusocio commented Jul 27, 2017

+1

@UsmanAhmadSaeed

This comment has been minimized.

UsmanAhmadSaeed commented Jul 27, 2017

+99999999999999999999999999999999999999

@akyag

This comment has been minimized.

akyag commented Jul 28, 2017

+1

@dewetblomerus

This comment has been minimized.