-
Notifications
You must be signed in to change notification settings - Fork 195
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
upgrade to HTTPS #165
Comments
It looks like we're using A, which requires DNS modification: TODO:
|
I locally verified that the IPs in https://help.github.com/articles/setting-up-an-apex-domain/#configuring-a-records-with-your-dns-provider work in general. Of course there is still no valid LE certificate on it, as creating that depends on the official DNS servers pointing to these IPs. But it confirms that changing DNS now won't break anything. Right now, the IPs are still old indeed:
@sgallagher : Can you please switch them to the four IPs that are mentioned on the above gh page?
Thanks! |
I just pushed out this change. It may take up to a day to propagate. |
I've checked step 1. Let's see how well this works and flip the switch to enforcing in a day (or most likely: next week, due to the holiday weekend). |
So, after this propagated, I get a certificate validation failure, which is expected because the SSL cert is issued with only the following SAN values:
Connecting via https://cockpit-project.github.io works successfully for that connection, however it automatically redirects the browser to http://cockpit-project.org (non-SSL). |
We need to remove and re-add the custom domain to trigger a new cert. I'll do that later today to give DNS a bit more time. |
I just did that FYI, DNS looks good from here. No immediate effect yet, it might take a while? |
It still didn't work even though DNS returns the right IPs now for me as well. I removed and added the custom domain again. |
Still no valid certificate, so just temporarily removing and adding the custom domain is clearly not working. |
Apparently not. GitHub explicitly mentions this in their docs, though 😞 |
I contacted GitHub support a little earlier this morning, and they just fixed it & responded back. So now we have a proper certificate, and can (probably) flip HTTPS on by default! |
I just flipped the check on, so it should be enforcing HTTPS now. |
GitHub pages now supports HTTPS for custom domains.
We should upgrade to HTTPS and make it the default.
More information at https://blog.github.com/2018-05-01-github-pages-custom-domains-https/
The text was updated successfully, but these errors were encountered: