Is there any way to use HTTPS/SSL on GitHub Pages sites that use a custom domain? SSL is recommended for better search engine ranking and there are a lot of other uses for it beyond that.
Is it possible to use HTTPS/SSL on GitHub Pages sites with a custom domain?
Asked Answered
You'd need to set up a proxy server somewhere to handle it, so this is likely off-topic for SO. Here is an example. –
Gingersnap
Custom domains on GitHub Pages do support HTTPS / SSL:
GitHub Pages has supported custom domains since 2009, and sites on the
*.github.iodomain have supported HTTPS since 2016. Today, custom domains on GitHub Pages are gaining support for HTTPS as well, meaning over a million GitHub Pages sites will be served over HTTPS.https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
Go to
https://github.com/**username**/**repo**/settingsCheck the checkbox "Enforce HTTPS":
Prior to May 1, 2018, SSL was supported by GitHub Pages only on sites using a *.github.io domain: https://help.github.com/articles/securing-your-github-pages-site-with-https/
Thanks for editing your answer after Github added support for custom domains on May 1st, 2018. –
Consonant
For a simple site like my portfolio will I be ok with HTTP domain on Github pages? –
Hibachi
@NetEmmanuel Yes for sure it will be okay. It can also support unlimited traffic if your site goes viarl. –
Cumulate
If anyone is facing issues while configuring the new A records for SSL/HTTPS, you can refer to this post that I wrote - medium.com/@goelanirudh/…. –
Malraux
I really don’t understand. Neither you nor the docs say how to use your domain certificate with a custom domain and my GitHub pages site says don’t trust this page. It makes no sense. Shouldn’t there be a form to add my cert? It doesn’t help that they tell me they use Let’s Encrypt if they don’t tell me how to use them with GitHub Pages. –
Thorpe
Thank you pretty much! You are cool Man :-) You have pointed out at that info and inspired me by that answer) –
Fleischman
Bounty question: will you own the certificate, if you do this? –
Phillis
@Phillis Seems unlikely they'll transfer ownership of a certificate if they generate it for free... I don't actually know the answer, but I would expect it to be valid only while you're on GH pages. –
Maharashtra
@Maharashtra I'm worried that if you go this route, you won't be able to use any other host for your domain with HTTPS. –
Phillis
I can't be sure, but that's not something I would worry about to be honest. I expect it's not a rare requirement, going from GH pages to somewhere else, and I'm sure it's supported. –
Maharashtra
It's now possible to use HTTPS on GitHub Pages sites with a custom domain
If you are using
CNAMEorALIASrecords for your custom domain, you’re all set and your site should be accessible over HTTPS.
If you are using
Arecords, you must update your site’s DNS records with new IP addresses. Please see our guide to setting up your custom domain with Pages and update any A records you might have set.
Once you have HTTPS working:
You can optionally “Enforce HTTPS” for your domain in your repository’s settings, ensuring users who request your site over HTTP are upgraded to HTTPS.
You can read the full announcement here: https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
@NetEmmanuel If adding HTTPS support costs you nothing you should definitely add it. You can find more details on why to consider HTTPS support even for static content sites here: security.stackexchange.com/questions/142496/…. –
Plural
I really don’t understand. Neither you nor the docs say how to use your domain certificate with a custom domain and my GitHub pages site says don’t trust this page. It makes no sense. Shouldn’t there be a form to add my cert? It doesn’t help to know they use Let’s Encrypt if they don’t tell me what to do with them. –
Thorpe
Who will own the certificate though? (Please see the bounty) –
Phillis
Adding to this answer (since I have to go through some other issue - Can't Enforce HTTPS)
Try removing A record "parked" from your DNS record and other records which could possibly affect the pointing to your GitHub active page.
Confirm that you have put all the A names from GitHub (probably 185.199.108.153 is for enforcing the https) - [Screenshot of IPs]: https://i.sstatic.net/M8sMM.png
also add [Your username].github.io in CNAME.
add "www" in name and [your domain].com as value
This is the actual answer as updated and works on 2023 Sept. Why it have zero votes? –
Mersey
Bounty Q: do you own your SSL certificate now? Can you leave GitHub and keep it? –
Phillis
OP: I would like to know the following: If you do what the answers suggest, will you be the owner of the SSL certificate for your custom domain, or GitHub?
GitHub will own the SSL certificate. As per the documentation:
This check determines if your DNS settings are configured to allow GitHub to obtain a certificate automatically. If the check is successful, GitHub queues a job to request a TLS certificate from Let's Encrypt. On receiving a valid certificate, GitHub automatically uploads it to the servers that handle TLS termination for Pages.
OP: Will you be able to move your site somewhere else?
Yes. Even though GitHub holds a certificate for your site, there's nothing stopping you generating your own new certificate in the future. After you do that, both certificates will be valid, so you can begin serving your site from your new server using your new certificate. (GitHub's certificate will also remain valid until it expires.)
OP: Are all of these actions free?
If you're asking about the one-time act of moving from GitHub pages, there is no fee to move.
The continued upkeep of your website will most likely not be free, since you'll have to pay for a domain name, computer hardware, and an internet connection to run it from. You'll also have to pay for your own SSL certificate unless you use the free Let's Encrypt provider.
© 2022 - 2024 — McMap. All rights reserved.