Create a gist now

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Github Pages: Let's Encrypt!

Please petition Github to support HTTPS on github pages: https://github.com/contact

Here's what I wrote:

Obviously, a lot of people want HTTPS for github pages:

Until recently, that would be difficult to implement but, as it turns out, the implementation is pretty much complete:

I'm a freelancer, so I've got time and I'd love to help out in any way I can (I'd even come work for you at a substandard rate) if we could get this implemented by Let's Encrypt launch day.

You can also send a message to support@github.com

@benhutchins

This comment has been minimized.

Show comment
Hide comment
@benhutchins

benhutchins Nov 27, 2015

You're a freelancer that has spare time?

... I don't think you're doing it right.

+1 to https support for custom domains on github pages!

You're a freelancer that has spare time?

... I don't think you're doing it right.

+1 to https support for custom domains on github pages!

@qw3rtman

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@imbriaco

This comment has been minimized.

Show comment
Hide comment
@imbriaco

imbriaco Nov 27, 2015

This is a lot more complex than you seem to think. Obtaining a certificate is easy. Storing and handling hundreds of thousands or millions of them securely is decidedly not. Determining how that interacts with the CDN that fronts traffic to Pages, and dealing with securely distributing certificates is also far from trivial. And that's just a couple of factors that immediately come to mind.

Your best bet is to use a service like Cloudflare to front-end your free GitHub Pages site if you really require SSL.

This is a lot more complex than you seem to think. Obtaining a certificate is easy. Storing and handling hundreds of thousands or millions of them securely is decidedly not. Determining how that interacts with the CDN that fronts traffic to Pages, and dealing with securely distributing certificates is also far from trivial. And that's just a couple of factors that immediately come to mind.

Your best bet is to use a service like Cloudflare to front-end your free GitHub Pages site if you really require SSL.

@kevindeasis

This comment has been minimized.

Show comment
Hide comment
@kevindeasis

kevindeasis Nov 27, 2015

+1 There must be a better way than spamming Github's inbox for contact & support?

+1 There must be a better way than spamming Github's inbox for contact & support?

@leighmcculloch

This comment has been minimized.

Show comment
Hide comment
@leighmcculloch

leighmcculloch Nov 27, 2015

@coolaj86 you can use @cloudflare with a custom domain in front of @github pages. It works. I do this for https://github.com/leighmcculloch/5tweets.com which you can see SSL'd at https://5tweets.com.

@coolaj86 you can use @cloudflare with a custom domain in front of @github pages. It works. I do this for https://github.com/leighmcculloch/5tweets.com which you can see SSL'd at https://5tweets.com.

@peckrob

This comment has been minimized.

Show comment
Hide comment
@peckrob

peckrob Nov 27, 2015

@lucas This is technically correct, but Server Name Identification has solved that problem for some time now, and is supported in the very large majority of browsers. Basically, anything IE7 and newer, although it is not supported by some spiders.

https://en.wikipedia.org/wiki/Server_Name_Indication

peckrob commented Nov 27, 2015

@lucas This is technically correct, but Server Name Identification has solved that problem for some time now, and is supported in the very large majority of browsers. Basically, anything IE7 and newer, although it is not supported by some spiders.

https://en.wikipedia.org/wiki/Server_Name_Indication

@RHavar

This comment has been minimized.

Show comment
Hide comment
@RHavar

RHavar Nov 27, 2015

So this won't happen, if you understand how https works you'll understand.

@lucas: Thanks for the condescending and outdated explanation. For the last 10 years we've had: https://en.wikipedia.org/wiki/Server_Name_Indication

And supported by everything except IE8 on Windows XP: http://caniuse.com/#feat=sni

RHavar commented Nov 27, 2015

So this won't happen, if you understand how https works you'll understand.

@lucas: Thanks for the condescending and outdated explanation. For the last 10 years we've had: https://en.wikipedia.org/wiki/Server_Name_Indication

And supported by everything except IE8 on Windows XP: http://caniuse.com/#feat=sni

@dheera

This comment has been minimized.

Show comment
Hide comment
@dheera

dheera Nov 27, 2015

@leighmcculloch @imbriaco Putting Cloudfare HTTPS in front of a HTTP URL isn't technically secure. The link between Cloudflare and Github will be unencrypted.

dheera commented Nov 27, 2015

@leighmcculloch @imbriaco Putting Cloudfare HTTPS in front of a HTTP URL isn't technically secure. The link between Cloudflare and Github will be unencrypted.

@RHavar

This comment has been minimized.

Show comment
Hide comment
@RHavar

RHavar Nov 27, 2015

@dheera That's not quite right, you can (trivially) tell cloudflare to only fetch the data from github over https itself. The real security concern is that you probably would prefer if cloudflare wasn't in the middle.

RHavar commented Nov 27, 2015

@dheera That's not quite right, you can (trivially) tell cloudflare to only fetch the data from github over https itself. The real security concern is that you probably would prefer if cloudflare wasn't in the middle.

@dheera

This comment has been minimized.

Show comment
Hide comment
@dheera

dheera Nov 27, 2015

@RHavar Oh, I didn't realize GitHub already supported HTTPS on its .github.io URLs. In that case, yes. And yes, CloudFlare is a security concern of itself.

dheera commented Nov 27, 2015

@RHavar Oh, I didn't realize GitHub already supported HTTPS on its .github.io URLs. In that case, yes. And yes, CloudFlare is a security concern of itself.

@dtinth

This comment has been minimized.

Show comment
Hide comment
@dtinth

dtinth Nov 27, 2015

Well, @cloudflare does support Full SSL (Strict) mode, which means the connections between your users and CloudFlare, and between CloudFlare and GitHub pages, are all encrypted.

And it comes down to trust. I trust both CloudFlare and GitHub, so I’m comfortable with that setup already.

dtinth commented Nov 27, 2015

Well, @cloudflare does support Full SSL (Strict) mode, which means the connections between your users and CloudFlare, and between CloudFlare and GitHub pages, are all encrypted.

And it comes down to trust. I trust both CloudFlare and GitHub, so I’m comfortable with that setup already.

@vinitkumar

This comment has been minimized.

Show comment
Hide comment
@vinitkumar

vinitkumar Nov 27, 2015

@dtinth: I have the exact same configuration and I am pretty happy with it.

@dtinth: I have the exact same configuration and I am pretty happy with it.

@lucas

This comment has been minimized.

Show comment
Hide comment
@lucas

lucas Nov 27, 2015

Thanks @peckrob, I wasn't familiar with SNI! That should make it much more feasible than I thought :)

Happy Thanksgiving guys

lucas commented Nov 27, 2015

Thanks @peckrob, I wasn't familiar with SNI! That should make it much more feasible than I thought :)

Happy Thanksgiving guys

@charliesome

This comment has been minimized.

Show comment
Hide comment
@charliesome

charliesome Nov 27, 2015

HTTPS on GitHub Pages is something I'd personally _love_ to see happen, and I've been keeping an eye on tech that will make this more viable than it might have been in the past - such as Let's Encrypt for certificate issuance and the ssl_certificate_by_lua feature of ngx_lua so we can dynamically serve up the right certificate based on the SNI hostname in the TLS handshake.

That said, there's still a bunch of really complex problems that mean this is still hard. We'd need to store a significant amount of highly sensitive key material as securely as possible while still allowing our Pages Frontends to look them up dynamically on every request. Currently we terminate TLS at our load balancer tier - we'd need to push that back into the Pages Frontend tier so that our router can do it dynamically. GitHub Pages is also currently fronted by a CDN which further complicates this problem.

I cannot promise anything or give any timeframe right now, but HTTPS on Pages is something that we've been thinking hard about for a while. We know how important HTTPS is - it's just one of those problems that's quite complex and requires a lot of time and great care to solve.

HTTPS on GitHub Pages is something I'd personally _love_ to see happen, and I've been keeping an eye on tech that will make this more viable than it might have been in the past - such as Let's Encrypt for certificate issuance and the ssl_certificate_by_lua feature of ngx_lua so we can dynamically serve up the right certificate based on the SNI hostname in the TLS handshake.

That said, there's still a bunch of really complex problems that mean this is still hard. We'd need to store a significant amount of highly sensitive key material as securely as possible while still allowing our Pages Frontends to look them up dynamically on every request. Currently we terminate TLS at our load balancer tier - we'd need to push that back into the Pages Frontend tier so that our router can do it dynamically. GitHub Pages is also currently fronted by a CDN which further complicates this problem.

I cannot promise anything or give any timeframe right now, but HTTPS on Pages is something that we've been thinking hard about for a while. We know how important HTTPS is - it's just one of those problems that's quite complex and requires a lot of time and great care to solve.

@tracker1

This comment has been minimized.

Show comment
Hide comment
@tracker1

tracker1 Nov 27, 2015

I thought github.io used cloudflare as it stands... even then, if there is a peering connection directly https from cloudflare to github is probably is less of a concern.

I thought github.io used cloudflare as it stands... even then, if there is a peering connection directly https from cloudflare to github is probably is less of a concern.

@subinsebastien

This comment has been minimized.

Show comment
Hide comment
@subinsebastien

subinsebastien Nov 27, 2015

"A freelancer with spare time" - I always wanted to be one! πŸ˜…

"A freelancer with spare time" - I always wanted to be one! πŸ˜…

@as1ndu

This comment has been minimized.

Show comment
Hide comment
@as1ndu

as1ndu Nov 27, 2015

it already supports it!!! πŸ˜„ check out my blog https://as1ndu.github.io

as1ndu commented Nov 27, 2015

it already supports it!!! πŸ˜„ check out my blog https://as1ndu.github.io

@wnda

This comment has been minimized.

Show comment
Hide comment
@wnda

wnda Nov 27, 2015

DigitalOcean is not that expensive.

wnda commented Nov 27, 2015

DigitalOcean is not that expensive.

@sneak

This comment has been minimized.

Show comment
Hide comment
@sneak

sneak Nov 27, 2015

if you CNAME your domain on cloudflare to GitHub pages using a username.github.io domain, it sends the Host header of the custom domain and github doesn't serve it. the TLS on the username.github.io pages resultantly only works when you are using the *.github.io URL, not if you have cloudflare fronting different TLS.

the only way rn to make it work is to create a CNAME file and have GitHub serve unencrypted to cloudflare, which I don't find to be a problem as it's a static site.

sneak commented Nov 27, 2015

if you CNAME your domain on cloudflare to GitHub pages using a username.github.io domain, it sends the Host header of the custom domain and github doesn't serve it. the TLS on the username.github.io pages resultantly only works when you are using the *.github.io URL, not if you have cloudflare fronting different TLS.

the only way rn to make it work is to create a CNAME file and have GitHub serve unencrypted to cloudflare, which I don't find to be a problem as it's a static site.

@prdonahue

This comment has been minimized.

Show comment
Hide comment
@prdonahue

prdonahue Nov 27, 2015

@sneak, technically you could use a Page Rule to re-write the header (requires Enterprise plan, however): https://support.cloudflare.com/hc/en-us/articles/206652947-Using-Page-Rules-to-Re-Write-Host-Headers.

@sneak, technically you could use a Page Rule to re-write the header (requires Enterprise plan, however): https://support.cloudflare.com/hc/en-us/articles/206652947-Using-Page-Rules-to-Re-Write-Host-Headers.

@NetRat

This comment has been minimized.

Show comment
Hide comment

NetRat commented Dec 7, 2015

+1

@merikan

This comment has been minimized.

Show comment
Hide comment

merikan commented Dec 21, 2015

+1

@AndersDJohnson

This comment has been minimized.

Show comment
Hide comment
@quicoto

This comment has been minimized.

Show comment
Hide comment

quicoto commented Jan 7, 2016

+1

@drakmail

This comment has been minimized.

Show comment
Hide comment

+1

@manzato

This comment has been minimized.

Show comment
Hide comment

manzato commented Jan 26, 2016

+1

@reederz

This comment has been minimized.

Show comment
Hide comment

reederz commented Jan 29, 2016

πŸ‘

@jack-mcgrath

This comment has been minimized.

Show comment
Hide comment

+1

@DarrienG

This comment has been minimized.

Show comment
Hide comment

+1

@enjikaka

This comment has been minimized.

Show comment
Hide comment

enjikaka commented Feb 1, 2016

πŸ‘

@lagseeing

This comment has been minimized.

Show comment
Hide comment

+1

@apo11oCreed

This comment has been minimized.

Show comment
Hide comment

+1

@davidsilvasmith

This comment has been minimized.

Show comment
Hide comment
@willin

This comment has been minimized.

Show comment
Hide comment

willin commented Feb 5, 2016

+1

@eligrey

This comment has been minimized.

Show comment
Hide comment
@eligrey

eligrey Feb 5, 2016

πŸ‘

eligrey commented Feb 5, 2016

πŸ‘

@cben

This comment has been minimized.

Show comment
Hide comment
@cben

cben Feb 9, 2016

@charliesome If HTTPS on custom domains is hard, perhaps start by officially supporting HTTPS on *.github.io?
That uses just one wildcart cert, avoiding most of the complexity, and it fact that already works;
IIUC the only missing piece is that it's currently insecure between GitHub and your CDN?

cben commented Feb 9, 2016

@charliesome If HTTPS on custom domains is hard, perhaps start by officially supporting HTTPS on *.github.io?
That uses just one wildcart cert, avoiding most of the complexity, and it fact that already works;
IIUC the only missing piece is that it's currently insecure between GitHub and your CDN?

@suvozit

This comment has been minimized.

Show comment
Hide comment

suvozit commented Feb 10, 2016

🍺

@zixia

This comment has been minimized.

Show comment
Hide comment
@zixia

zixia Feb 20, 2016

πŸ‘

zixia commented Feb 20, 2016

πŸ‘

@dpjanes

This comment has been minimized.

Show comment
Hide comment

dpjanes commented Feb 21, 2016

+1

@connor-baer

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@RaviTezu

This comment has been minimized.

Show comment
Hide comment

+1

@mohebifar

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@rzeidler

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@dalbelap

This comment has been minimized.

Show comment
Hide comment

dalbelap commented Mar 3, 2016

πŸ‘

@daniellmb

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@nubela

This comment has been minimized.

Show comment
Hide comment
@nubela

nubela Mar 7, 2016

Full disclosure: I work at Kloudsec.

Kloudsec auto-provisions and auto-renews LetsEncrypt certs for Github Pages with custom domains. See Kloudsec for Github Pages.

Kloudsec is a minimal CDN (open) platform. As an open platform, we implemented LetsEncrypt CA to auto-provision/auto-renew SSL certs. Just enable the One-click Encryption plugin.

To use, you only need to update your custom domain DNS records to point to our CDN's IP address. (Unlike Cloudflare, you can keep your nameservers)


Simply, Kloudsec for Github Pages solve the 2 biggest issues with custom domains on GIthub pages:

  1. No CDN support for apex domains
  2. No HTTPS for custom domains

You also get all the other plugins for free:

  • Page Optimizer (Pagespeed optimisations)
  • Service Doctor (Performance Analytics)

We have a public Telegram chat group for Kloudsec if you need help

nubela commented Mar 7, 2016

Full disclosure: I work at Kloudsec.

Kloudsec auto-provisions and auto-renews LetsEncrypt certs for Github Pages with custom domains. See Kloudsec for Github Pages.

Kloudsec is a minimal CDN (open) platform. As an open platform, we implemented LetsEncrypt CA to auto-provision/auto-renew SSL certs. Just enable the One-click Encryption plugin.

To use, you only need to update your custom domain DNS records to point to our CDN's IP address. (Unlike Cloudflare, you can keep your nameservers)


Simply, Kloudsec for Github Pages solve the 2 biggest issues with custom domains on GIthub pages:

  1. No CDN support for apex domains
  2. No HTTPS for custom domains

You also get all the other plugins for free:

  • Page Optimizer (Pagespeed optimisations)
  • Service Doctor (Performance Analytics)

We have a public Telegram chat group for Kloudsec if you need help

@DerfOh

This comment has been minimized.

Show comment
Hide comment
@DerfOh

DerfOh Mar 8, 2016

πŸ‘

DerfOh commented Mar 8, 2016

πŸ‘

@mozey

This comment has been minimized.

Show comment
Hide comment

mozey commented Mar 8, 2016

+1

@stefek99

This comment has been minimized.

Show comment
Hide comment
@stefek99

stefek99 Mar 8, 2016

Internet is a small place.

Literally Today I've received an email from @nubela

Anyways, I found that Github Page at stefek99/htmlshell has a custom domain, and I was wondering if I can help you get it to HTTPS with a LetsEncrypt cert? (for free, of course!)

I work at Kloudsec (a free and minimal CDN for programmers) and I just built this tool to provision LetsEncrypt certs for github pages.

I wasn't sold on on CDN offering as GitHub pages are already using CDN but now... Searching for let's encrypt github pages leads me here and I see the Kloudsec again :)

Yep, internet is a small place.

stefek99 commented Mar 8, 2016

Internet is a small place.

Literally Today I've received an email from @nubela

Anyways, I found that Github Page at stefek99/htmlshell has a custom domain, and I was wondering if I can help you get it to HTTPS with a LetsEncrypt cert? (for free, of course!)

I work at Kloudsec (a free and minimal CDN for programmers) and I just built this tool to provision LetsEncrypt certs for github pages.

I wasn't sold on on CDN offering as GitHub pages are already using CDN but now... Searching for let's encrypt github pages leads me here and I see the Kloudsec again :)

Yep, internet is a small place.

@DerfOh

This comment has been minimized.

Show comment
Hide comment
@DerfOh

DerfOh Mar 9, 2016

@stefek99 Same here but I plus one'd the page too, I'm thinking there is some sort of bot watching this page or something...

DerfOh commented Mar 9, 2016

@stefek99 Same here but I plus one'd the page too, I'm thinking there is some sort of bot watching this page or something...

@vukor

This comment has been minimized.

Show comment
Hide comment

vukor commented Mar 10, 2016

+1

@metaskills

This comment has been minimized.

Show comment
Hide comment
@metaskills

metaskills Mar 11, 2016

Well, I got the email too from Kloudsec and found this link. It does work really well. Got https://metaskills.net all setup in a few minutes. Two easy DNS records and it worked like a champ. I did get SSL warnings for the first half hour or so, but smoothed out eventually.

Well, I got the email too from Kloudsec and found this link. It does work really well. Got https://metaskills.net all setup in a few minutes. Two easy DNS records and it worked like a champ. I did get SSL warnings for the first half hour or so, but smoothed out eventually.

@victorperin

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@holys

This comment has been minimized.

Show comment
Hide comment
@holys

holys Mar 12, 2016

@nubela thank you !

holys commented Mar 12, 2016

@nubela thank you !

@elmariofredo

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@janschultecom

This comment has been minimized.

Show comment
Hide comment
@hacdias

This comment has been minimized.

Show comment
Hide comment

hacdias commented Mar 16, 2016

+1

@itzo

This comment has been minimized.

Show comment
Hide comment

itzo commented Mar 19, 2016

+1

@PG2000

This comment has been minimized.

Show comment
Hide comment

PG2000 commented Mar 20, 2016

+1

@ehhthing

This comment has been minimized.

Show comment
Hide comment
@ehhthing

ehhthing Mar 26, 2016

+1
PLEASE.

+1
PLEASE.

@luxifer

This comment has been minimized.

Show comment
Hide comment

luxifer commented Mar 29, 2016

πŸ‘

@Josh-a-e

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@cielpy

This comment has been minimized.

Show comment
Hide comment

cielpy commented Mar 31, 2016

image

@begriffs

This comment has been minimized.

Show comment
Hide comment

begriffs commented Apr 3, 2016

πŸ‘

@azizur

This comment has been minimized.

Show comment
Hide comment
@azizur

azizur Apr 3, 2016

πŸ‘

azizur commented Apr 3, 2016

πŸ‘

@azizur

This comment has been minimized.

Show comment
Hide comment
@azizur

azizur Apr 3, 2016

Everyone who has put a πŸ‘ on here should visit isaacs/github#156 and cast your vote on that issue.

azizur commented Apr 3, 2016

Everyone who has put a πŸ‘ on here should visit isaacs/github#156 and cast your vote on that issue.

@wongmjane

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@claudijd

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@shea256

This comment has been minimized.

Show comment
Hide comment

shea256 commented Apr 18, 2016

πŸ‘

@schickling

This comment has been minimized.

Show comment
Hide comment

+1

@ahaasler

This comment has been minimized.

Show comment
Hide comment

We need this! GitLab Pages supports it: https://gitlab.com/gitlab-org/gitlab-ee/issues/134

@tyteen4a03

This comment has been minimized.

Show comment
Hide comment
@tyteen4a03

tyteen4a03 Apr 22, 2016

Now that GitLab has it, I guess it's time to say goodbye to GitHub pages. They even have free private repos.

Now that GitLab has it, I guess it's time to say goodbye to GitHub pages. They even have free private repos.

@nexocentric

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@tinchou

This comment has been minimized.

Show comment
Hide comment
@tinchou

tinchou Apr 26, 2016

You can use CloudFlare, they provide free DNS and free SSL. This guy has a good tutorial.

tinchou commented Apr 26, 2016

You can use CloudFlare, they provide free DNS and free SSL. This guy has a good tutorial.

@samuelcolvin

This comment has been minimized.

Show comment
Hide comment
@samuelcolvin

samuelcolvin May 8, 2016

https://github.com/samuelcolvin/nginx-pages

Very cheap, open source alternative to github pages.

https://github.com/samuelcolvin/nginx-pages

Very cheap, open source alternative to github pages.

@cmelone

This comment has been minimized.

Show comment
Hide comment
@robertoestivill

This comment has been minimized.

Show comment
Hide comment
@robertoestivill

robertoestivill May 14, 2016

gitlab supports pages with ssl certificate out of private repos

gitlab supports pages with ssl certificate out of private repos

@GreenTurtwig

This comment has been minimized.

Show comment
Hide comment
@GreenTurtwig

GreenTurtwig May 30, 2016

πŸ‘ 🐱

πŸ‘ 🐱

@marianoviola

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@BastinRobin

This comment has been minimized.

Show comment
Hide comment

+1

@willin

This comment has been minimized.

Show comment
Hide comment

willin commented Jun 2, 2016

+1

@emanuelcds

This comment has been minimized.

Show comment
Hide comment

+1

@nhatbui

This comment has been minimized.

Show comment
Hide comment

nhatbui commented Jun 4, 2016

+1000

@hypertexthero

This comment has been minimized.

Show comment
Hide comment
@hypertexthero

hypertexthero Jun 4, 2016

Yes, please!

Yes, please!

@taylorhakes

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@borehack

This comment has been minimized.

Show comment
Hide comment
@borehack

borehack Jun 10, 2016

πŸ‘ would be awesome

πŸ‘ would be awesome

@sebasjm

This comment has been minimized.

Show comment
Hide comment

sebasjm commented Jun 21, 2016

πŸ‘

@alexandergorskih

This comment has been minimized.

Show comment
Hide comment
@kyledrake

This comment has been minimized.

Show comment
Hide comment

+1
neocitiesbackend

@mahmoudhossam

This comment has been minimized.

Show comment
Hide comment
@rajsite

This comment has been minimized.

Show comment
Hide comment
@rajsite

rajsite Jun 23, 2016

πŸ‘ ✨ ✨

rajsite commented Jun 23, 2016

πŸ‘ ✨ ✨

@evantahler

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@vuolter

This comment has been minimized.

Show comment
Hide comment

vuolter commented Jun 26, 2016

😍

@tcasey

This comment has been minimized.

Show comment
Hide comment

tcasey commented Jun 27, 2016

+1

@marcelinollano

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@damirkotoric

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@Oceanswave

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@kawa-marcin

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@matiasgarciaisaia

This comment has been minimized.

Show comment
Hide comment
@matiasgarciaisaia

matiasgarciaisaia Jul 11, 2016

For those reading about Kloudsec - it's shutting down on Aug 2016 :(

For those reading about Kloudsec - it's shutting down on Aug 2016 :(

@hemache

This comment has been minimized.

Show comment
Hide comment

hemache commented Jul 11, 2016

πŸ‘

@ewilliam

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@geofftech

This comment has been minimized.

Show comment
Hide comment

+1

@lightbeard

This comment has been minimized.

Show comment
Hide comment

+1

@markharding

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@kajheijmans

This comment has been minimized.

Show comment
Hide comment

+1

@mitjajez

This comment has been minimized.

Show comment
Hide comment
@mitjajez

mitjajez Jul 19, 2016

+1, i also wait Let's Encrypt @letsencrypt for IDN support

+1, i also wait Let's Encrypt @letsencrypt for IDN support

@tdurand

This comment has been minimized.

Show comment
Hide comment

tdurand commented Jul 20, 2016

πŸ‘

@mayanez

This comment has been minimized.

Show comment
Hide comment

mayanez commented Jul 24, 2016

+1

@lordring

This comment has been minimized.

Show comment
Hide comment

+1

@Ybrin

This comment has been minimized.

Show comment
Hide comment

Ybrin commented Jul 31, 2016

+1

@bash

This comment has been minimized.

Show comment
Hide comment

bash commented Aug 3, 2016

+1

@erickgirard

This comment has been minimized.

Show comment
Hide comment

+1

@TerenceTanWT

This comment has been minimized.

Show comment
Hide comment

+1

@DirectorX

This comment has been minimized.

Show comment
Hide comment

+1

@leog

This comment has been minimized.

Show comment
Hide comment

leog commented Aug 15, 2016

+1

@alexandrelucchesi

This comment has been minimized.

Show comment
Hide comment
@dharness

This comment has been minimized.

Show comment
Hide comment

+1

@h0tbird

This comment has been minimized.

Show comment
Hide comment

h0tbird commented Aug 27, 2016

+1

@martyanov

This comment has been minimized.

Show comment
Hide comment

+1

@ojhaujjwal

This comment has been minimized.

Show comment
Hide comment

+1

@vandoornum

This comment has been minimized.

Show comment
Hide comment

+1

@brettwise

This comment has been minimized.

Show comment
Hide comment
@brettwise

brettwise Sep 6, 2016

Github Pages now support HTTPS out of the box: https://github.com/blog/2186-https-for-github-pages

Github Pages now support HTTPS out of the box: https://github.com/blog/2186-https-for-github-pages

@gleb-svechnikov

This comment has been minimized.

Show comment
Hide comment
@guido4000

This comment has been minimized.

Show comment
Hide comment
@guido4000

guido4000 Sep 11, 2016

@brettwise this is about custom domains

@brettwise this is about custom domains

@nhantdn

This comment has been minimized.

Show comment
Hide comment

nhantdn commented Sep 14, 2016

πŸ‘

@leksak

This comment has been minimized.

Show comment
Hide comment

leksak commented Sep 14, 2016

+1

@samudary

This comment has been minimized.

Show comment
Hide comment

+1

@dkanbier

This comment has been minimized.

Show comment
Hide comment

+1

@aud

This comment has been minimized.

Show comment
Hide comment

aud commented Sep 16, 2016

+1

@joejoinerr

This comment has been minimized.

Show comment
Hide comment

+1

@protesilaos

This comment has been minimized.

Show comment
Hide comment

+1

@SurajVerma

This comment has been minimized.

Show comment
Hide comment

+1

@Jared-Prime

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@dwavid

This comment has been minimized.

Show comment
Hide comment

dwavid commented Sep 24, 2016

+1

@romikoops

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@JikkuJose

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@ethagnawl

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@koppor

This comment has been minimized.

Show comment
Hide comment
@koppor

koppor Oct 8, 2016

Here the information on kloudsec's shutdown: https://www.reddit.com/r/webdev/comments/4s3kmf/got_an_email_saying_that_kloudsec_will_be/

As I feel unsecure about CloudFlare, I'm currently thinking to buy a 3$/month box at scaleway, use let's encrypt and nginx as proxy (http://serverfault.com/q/583374/107832 seems to be a good start for the configuration). Should be enough for low-traffic sites.

koppor commented Oct 8, 2016

Here the information on kloudsec's shutdown: https://www.reddit.com/r/webdev/comments/4s3kmf/got_an_email_saying_that_kloudsec_will_be/

As I feel unsecure about CloudFlare, I'm currently thinking to buy a 3$/month box at scaleway, use let's encrypt and nginx as proxy (http://serverfault.com/q/583374/107832 seems to be a good start for the configuration). Should be enough for low-traffic sites.

@adrw

This comment has been minimized.

Show comment
Hide comment
@adrw

adrw Oct 20, 2016

πŸ‘

adrw commented Oct 20, 2016

πŸ‘

@ngunner

This comment has been minimized.

Show comment
Hide comment

ngunner commented Oct 21, 2016

+1

@george-black

This comment has been minimized.

Show comment
Hide comment

+1

@WendyStarfall

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@konsolebox

This comment has been minimized.

Show comment
Hide comment

+1

@alsemyonov

This comment has been minimized.

Show comment
Hide comment

+1

@wulfgarpro

This comment has been minimized.

Show comment
Hide comment
@wulfgarpro

wulfgarpro Nov 1, 2016

+1 for https on custom domains

+1 for https on custom domains

@morugu

This comment has been minimized.

Show comment
Hide comment

morugu commented Nov 9, 2016

+1

@leplatrem

This comment has been minimized.

Show comment
Hide comment

+1

@autophagy

This comment has been minimized.

Show comment
Hide comment

+1

@ChristianMayer

This comment has been minimized.

Show comment
Hide comment
@ChristianMayer

ChristianMayer Nov 20, 2016

πŸ‘ HTTPS / SSL for a custom domain on GitHub Pages is really needed!

πŸ‘ HTTPS / SSL for a custom domain on GitHub Pages is really needed!

@hobson

This comment has been minimized.

Show comment
Hide comment

hobson commented Nov 20, 2016

+1

@coollorenzo

This comment has been minimized.

Show comment
Hide comment

+1

@barrosgeraldo

This comment has been minimized.

Show comment
Hide comment
@eppfel

This comment has been minimized.

Show comment
Hide comment
@eppfel

eppfel Nov 28, 2016

πŸ‘

eppfel commented Nov 28, 2016

πŸ‘

@jonmann20

This comment has been minimized.

Show comment
Hide comment

+1

@bradbaris

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@DanielMarquard

This comment has been minimized.

Show comment
Hide comment
@DanielMarquard

DanielMarquard Dec 6, 2016

+1

Github needs an API for managing certificates used with Github Pages!

+1

Github needs an API for managing certificates used with Github Pages!

@astorije

This comment has been minimized.

Show comment
Hide comment

πŸ‘

@lockie

This comment has been minimized.

Show comment
Hide comment
@lockie

lockie Dec 16, 2016

πŸ‘

lockie commented Dec 16, 2016

πŸ‘

@hoechenberger

This comment has been minimized.

Show comment
Hide comment
@tim-hub

This comment has been minimized.

Show comment
Hide comment
@tim-hub

tim-hub Dec 21, 2016

Github support

tim-hub commented Dec 21, 2016

Github support

@dstroot

This comment has been minimized.

Show comment
Hide comment

dstroot commented Dec 25, 2016

πŸ‘

@tjespe

This comment has been minimized.

Show comment
Hide comment

tjespe commented Jan 1, 2017

+1

@proweb

This comment has been minimized.

Show comment
Hide comment

proweb commented Jan 3, 2017

+1

@rflmyk

This comment has been minimized.

Show comment
Hide comment

rflmyk commented Jan 4, 2017

+1

@Natim

This comment has been minimized.

Show comment
Hide comment
@Natim

Natim Jan 6, 2017

In the meantime I did use https://netlify.com/ to do so.

Natim commented Jan 6, 2017

In the meantime I did use https://netlify.com/ to do so.

@byCedric

This comment has been minimized.

Show comment
Hide comment

+1 @github, why not?

@managedkaos

This comment has been minimized.

Show comment
Hide comment
@managedkaos

managedkaos Jan 13, 2017

As stated earlier in the thread, there's overhead involved with handling certs for millions of sites.

For all the folks saying +1 to this, I wonder if you are paying users or using the free services as most of us are?

If you are using the service for free, would you be willing to pay guthub, say $1/month, to have your custom domain use HTTPS? Or even $5/yr to have custom domain on HTTPS?

I ask because I wonder if github did offer the service but charged for it, how many people would complain that they had to pay?

For the record, I use the services freely, I would appreciate having HTTPS on my custom domain, and yes, I would pay to have it.

As stated earlier in the thread, there's overhead involved with handling certs for millions of sites.

For all the folks saying +1 to this, I wonder if you are paying users or using the free services as most of us are?

If you are using the service for free, would you be willing to pay guthub, say $1/month, to have your custom domain use HTTPS? Or even $5/yr to have custom domain on HTTPS?

I ask because I wonder if github did offer the service but charged for it, how many people would complain that they had to pay?

For the record, I use the services freely, I would appreciate having HTTPS on my custom domain, and yes, I would pay to have it.

@coreyward

This comment has been minimized.

Show comment
Hide comment
@coreyward

coreyward Jan 20, 2017

@managedkaos β€”Β Yes I pay for Github. Yes I would pay additional for SSL. Selling my clients on $1 a month (or $20 a year for that matter) would be painless.

@managedkaos β€”Β Yes I pay for Github. Yes I would pay additional for SSL. Selling my clients on $1 a month (or $20 a year for that matter) would be painless.

@stefek99

This comment has been minimized.

Show comment
Hide comment
@stefek99

stefek99 Jan 25, 2017

Proper HTTPS for GitHub pages is something worth paying for.

Proper HTTPS for GitHub pages is something worth paying for.

@nicholasodonnell

This comment has been minimized.

Show comment
Hide comment
@WendyStarfall

This comment has been minimized.

Show comment
Hide comment
@WendyStarfall

WendyStarfall Jan 31, 2017

@managedkaos > I'm convinced that a growing number of users want private repositories for their GitHub pages with TLS for their custom domains and therefore adding that to the 'Personal plan' for US$ 7 per month could make sense. However as others already have mentioned, there are alternatives where either functionality is meanwhile provided cost-free.

I really enjoyed using GitHub (since 2011). It was super useful to me and I probably wouldn't mind paying. Students could make use of such functionality cost-free with the 'Student Developer Pack' because that already includes a one year SSL certificate.

@managedkaos > I'm convinced that a growing number of users want private repositories for their GitHub pages with TLS for their custom domains and therefore adding that to the 'Personal plan' for US$ 7 per month could make sense. However as others already have mentioned, there are alternatives where either functionality is meanwhile provided cost-free.

I really enjoyed using GitHub (since 2011). It was super useful to me and I probably wouldn't mind paying. Students could make use of such functionality cost-free with the 'Student Developer Pack' because that already includes a one year SSL certificate.

@onlyangel

This comment has been minimized.

Show comment
Hide comment

+1

@laurawadden

This comment has been minimized.

Show comment
Hide comment
@laurawadden

laurawadden Feb 5, 2017

I would be willing to pay! I'm a free user right now, but I would pay upfront for the year and have it automatically renew.

I would be willing to pay! I'm a free user right now, but I would pay upfront for the year and have it automatically renew.

@smaury

This comment has been minimized.

Show comment
Hide comment

smaury commented Feb 6, 2017

+1

@alexsoble

This comment has been minimized.

Show comment
Hide comment

+1 :)

@mattes

This comment has been minimized.

Show comment
Hide comment
@mattes

mattes Feb 12, 2017

Not willing to pay for HTTPS in 2017. But def a +1.

If Squarespace can. Github can too!

At Squarespace, we believe we are responsible for providing a platform on which customers and their visitors can be assured a secure browsing experience.

https://engineering.squarespace.com/blog/2016/implementing-ssl-tls-for-all-squarespace-sites Let's encrypt all the way.

mattes commented Feb 12, 2017

Not willing to pay for HTTPS in 2017. But def a +1.

If Squarespace can. Github can too!

At Squarespace, we believe we are responsible for providing a platform on which customers and their visitors can be assured a secure browsing experience.

https://engineering.squarespace.com/blog/2016/implementing-ssl-tls-for-all-squarespace-sites Let's encrypt all the way.

@nelyj

This comment has been minimized.

Show comment
Hide comment

nelyj commented Feb 12, 2017

+1

@gtzilla

This comment has been minimized.

Show comment
Hide comment
@gtzilla

gtzilla Feb 14, 2017

I dunno if github reads this post and laughs or actually considers it when working on their product roadmap, but I would agree with all +1s and also say I would happily pay $5-12 a year to have SSL with a custom CNAME for a given domain.

gtzilla commented Feb 14, 2017

I dunno if github reads this post and laughs or actually considers it when working on their product roadmap, but I would agree with all +1s and also say I would happily pay $5-12 a year to have SSL with a custom CNAME for a given domain.

@vittau

This comment has been minimized.

Show comment
Hide comment

vittau commented Feb 14, 2017

+1!

@Aerlinger

This comment has been minimized.

Show comment
Hide comment

+1

@rodolfoghi

This comment has been minimized.

Show comment
Hide comment

+1!
:)

@chicofilho

This comment has been minimized.

Show comment
Hide comment

+1

@paivaric

This comment has been minimized.

Show comment
Hide comment

+1

@labynocle

This comment has been minimized.

Show comment
Hide comment

+1 :)

@ianrenton

This comment has been minimized.

Show comment
Hide comment
@ianrenton

ianrenton Feb 23, 2017

+1. I am currently using CloudFlare to provide my GitHub Pages site over HTTPS on a custom domain - at least it looks secure as far as the user's browser is concerned. It would be great if GitHub Pages itself would support HTTPS on custom domains though.

+1. I am currently using CloudFlare to provide my GitHub Pages site over HTTPS on a custom domain - at least it looks secure as far as the user's browser is concerned. It would be great if GitHub Pages itself would support HTTPS on custom domains though.

@aykut78

This comment has been minimized.

Show comment
Hide comment

aykut78 commented Feb 24, 2017

+1 :)

@orarnoni

This comment has been minimized.

Show comment
Hide comment

+1

@chaseacton

This comment has been minimized.

Show comment
Hide comment

+1

@dimastopel

This comment has been minimized.

Show comment
Hide comment

+1

@jans23

This comment has been minimized.

Show comment
Hide comment

jans23 commented Feb 27, 2017

+1

@xqus

This comment has been minimized.

Show comment
Hide comment

xqus commented Mar 1, 2017

+1

@lsardinas

This comment has been minimized.

Show comment
Hide comment

+1

@peeyushsrj

This comment has been minimized.

Show comment
Hide comment

+1

@exeleon

This comment has been minimized.

Show comment
Hide comment

exeleon commented Mar 8, 2017

+1

@MacKentoch

This comment has been minimized.

Show comment
Hide comment

+1

@nextroop

This comment has been minimized.

Show comment
Hide comment

+1

@Areso

This comment has been minimized.

Show comment
Hide comment
@Areso

Areso Mar 12, 2017

C'mon, GitHub, do it already!

Areso commented Mar 12, 2017

C'mon, GitHub, do it already!

@pedrorijo91

This comment has been minimized.

Show comment
Hide comment

πŸ‘ +1

@enreeco

This comment has been minimized.

Show comment
Hide comment

enreeco commented Mar 17, 2017

++

@lindenthal

This comment has been minimized.

Show comment
Hide comment

+1

@studiocoucou

This comment has been minimized.

Show comment
Hide comment