Skip to content

Instantly share code, notes, and snippets.

@coolaj86
Last active November 16, 2021 22:36
Show Gist options
  • Save coolaj86/e07d42f5961c68fc1fc8 to your computer and use it in GitHub Desktop.
Save coolaj86/e07d42f5961c68fc1fc8 to your computer and use it in GitHub Desktop.
Github Pages: Let's Encrypt!

Please petition Github to support HTTPS on github pages: https://github.com/contact

Here's what I wrote:

Obviously, a lot of people want HTTPS for github pages:

Until recently, that would be difficult to implement but, as it turns out, the implementation is pretty much complete:

I'm a freelancer, so I've got time and I'd love to help out in any way I can (I'd even come work for you at a substandard rate) if we could get this implemented by Let's Encrypt launch day.

You can also send a message to support@github.com

@pfsmorigo
Copy link

terryburton, how do you know? can you point me to where you saw it?

@aviau
Copy link

aviau commented Feb 22, 2018

They deployed SSL on my Github Pages site on February 14. I realized it just as I was done switching to AWS so that I could use SSL with AWS CloudFront. I wish I noticed before, I wouldn't have spent the time to migrate.

screenshot from 2018-02-22 15-05-55

You can check it out while it is still live, but I have completed the switch to AWS so the certificate on www.alexandreviau.net will soon be an Amazon-signed certificate.

@petbadger
Copy link

+1

@href
Copy link

href commented Mar 1, 2018

We've also been migrated over at https://www.python-summit.ch/. The cert is by Let's Encrypt and the server is Github's:

dig www.python-summit.ch +short

swisspy.github.io.
sni.github.map.fastly.net.
151.101.121.147

http --headers https://www.python-summit.ch

HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Age: 297
Cache-Control: max-age=600
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 4381
Content-Type: text/html; charset=utf-8
Date: Thu, 01 Mar 2018 13:47:51 GMT
Expires: Thu, 01 Mar 2018 10:57:24 GMT
Last-Modified: Thu, 22 Feb 2018 10:10:37 GMT
Server: GitHub.com
Vary: Accept-Encoding
Via: 1.1 varnish
X-Cache: HIT
X-Cache-Hits: 1
X-Fastly-Request-ID: 363b386d720e7e6c82e9b5c480e418cf09475732
X-GitHub-Request-Id: 284E:17563:2AAB3A3:3C09ED3:5A97DA3C
X-Served-By: cache-ams4130-AMS
X-Timer: S1519912071.406092,VS0,VE1

@jxdwinter
Copy link

+1

@hamzaydia
Copy link

+1, highly important feature

@ligi
Copy link

ligi commented Mar 4, 2018

@terryburton do you have a link to where you got this information from?
@aviau did you trigger this somehow? I just tried for walleth (http://walleth.org / https://walleth.org / https://github.com/walleth/walleth.github.com) am still seeing this:
selection_241
@href did you do something special?

@href
Copy link

href commented Mar 5, 2018

No, I basically discovered that our domain had a cert all of a sudden.

@ligi
Copy link

ligi commented Mar 5, 2018

@href: thanks for the info!

@ligi
Copy link

ligi commented Mar 5, 2018

Just had a very friendly reply from the github staff/support:

Hi ligi,

As you've discovered, some GitHub Pages sites have been issued SSL certificates from Let's Encrypt, enabling HTTPS for your custom domain. This isn't officially supported yet and it's not possible for you to enable and enforce it on your sites at this time.

We know how important secure browsing is for our users, but we don't have anything official to announce at this time. If and when this feature is officially released, we will announce it on our blog:

https://github.com/blog

Let us know if you have other questions!

Thanks,
Thomas
GitHub Support

and:

Hey ligi,

Can I quote this email you send me in the gist so other users will not bother you?

Sure, go ahead! That's our official statement right now, and hopefully we'll have some more news to share in the very near future.

We're really happy to see people are so excited about this finally happening (I am too, it's been a long time coming!) and I really hope we can get this out soon, once we squash a few more bugs of course!

Thanks,
Thomas
GitHub Support

looking forward to it - @ghithub <3

@CydeWeys
Copy link

CydeWeys commented Mar 5, 2018

It's worth pointing out that the .app top-level domain (TLD) is launching on May 8th. Particularly notable for this discussion is that the entire TLD is HSTS-preloaded, meaning that HTTPS is required. So it'd be ideal if GitHub's Let's Encrypt integration for custom domains could go live before then, otherwise GitHub customers won't be able to use GitHub to host their .app domain names.

@dblock
Copy link

dblock commented Mar 8, 2018

Would love the hive mind to contribute better instructions to switch for anyone with a Jekyll blog, I started http://code.dblock.org/2018/03/07/enabling-ssl-on-github-pages.html.

@ligi
Copy link

ligi commented Mar 9, 2018

@dblock I think these instructions only make sense when you are part of the roll-out as far as I see - for a moment I thought there might be a trick you found to force this ;-)

@dblock
Copy link

dblock commented Mar 12, 2018

I changed the CNAME for my apex domain, https://dblock.org to sni.github.map.fastly.net, but that doesn't seem to be serving a dblock.org cert for https for dblock.org. I wonder whether there will be a solution for that? Also whether HSTS is going to be enforceable.

@wizardishungry
Copy link

@dblock:

  • jonwillia.ms works for me if I put it in /etc/hosts (I’m waiting for DNS to propagate) and hit reload in Safari
  • I see the correct (“sni" endpoint) ip for dblock.org
  • dblock.org does NOT work for me if I put it in /etc/hosts; github serves the plain github cert.
  • dblock.org also has an ipv6 address; I have it turned off in my network stack (just a data point)
  • Perhaps github checks the DNS configuration on push to determine which cert to present during SNI and caches it. Since I'm doing this today & dblock's repo was pushed 5 days ago, perhaps you encountered older logic. Try pushing?

@gpkc
Copy link

gpkc commented Mar 25, 2018

+1

@adueppen
Copy link

+1

@cdobraunig
Copy link

+1

@imryan
Copy link

imryan commented Mar 28, 2018

+1

@luiscastro193
Copy link

+1

@morfien101
Copy link

+1

@stefan2904
Copy link

I also noticed today, that this is already working for one of my (new) domains: https://twitter.com/stefan2904/status/983469050696257537

2018-04-10-00 53 25_selection

@avanc
Copy link

avanc commented Apr 18, 2018

+1 for Let's Encrypt support

@sambaldwin
Copy link

+1

@rnegron
Copy link

rnegron commented Apr 21, 2018

+1 must-have

@jwildeboer
Copy link

FTR - I added jan.wildeboer.net as my custom domain name last friday (2018-04-20) and after about an hour I noticed that a letsencrypt certificate had been automagically added and configured. I could switch my .github.io repo to "enforce HTTPS". So it seems they are doing a soft roll-out (for all? A/B testing?) and I expect an official announcement in the next few weeks.

@20TRIES
Copy link

20TRIES commented Apr 24, 2018

+1

@TomFanella4
Copy link

+1

@0xdea
Copy link

0xdea commented May 1, 2018

HTTPS is now officially supported on custom domains!
https://blog.github.com/2018-05-01-github-pages-custom-domains-https/

@liudonghua123
Copy link

+1024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment