Enable TLS on hydrogen-music.org

[bentley]

Visiting https://hydrogen-music.org/ or https://www.hydrogen-music.org/ leads to a certificate error, as GitHub serves a certificate only valid for GitHub subdomains.

As of last year, GitHub supports TLS for custom domains by hosting sites on a CDN. This means updating the DNS records for hydrogen-music.org and www.hydrogen-music.org should be enough to enable TLS via Let’s Encrypt.

[theGreatWhiteShark]

As of last year, GitHub supports TLS for custom domains by hosting sites on a CDN. This means updating the DNS records for hydrogen-music.org and www.hydrogen-music.org should be enough to enable TLS via Let’s Encrypt.

Sounds like a pretty simple fix. Unfortunately, none of the active maintainers has access to the DNS records. @mauser could you ask wolke to do so?

[sten0]

Gentle ping

[mauser]

Hey!

Sorry for not replying earlier, those mentions went under in all the other github mails :-/

Only comix (@cominu) has access to the DNS records. We can try to ping him here :) If this does not work, i'll try to reach him by mail.

[cominu]

Hey guys! I'm on it right now :)

[cominu]

I did the changes according to Managing a custom domain for your GitHub Pages site

Hopefully as soon as the DNS changes propagates everything should be OK. Other than that, I realised I don't have access to the repository settings, so I cannot check if the rest of the configuration is OK.

[theGreatWhiteShark]

Thanks @cominu !

I'm able to fetch hydrogen-music.org using HTTPS but still get a SSL_ERROR_BAD_CERT_DOMAIN error since the certificate is issued for subdomains of github.com .

A comment on Github hinted that an appropriate Let's Encrypt certificate is only generated when checking the Enforce HTTPS option in the repo's settings. But I have no access either.

@mauser could you check this?

[mauser]

@theGreatWhiteShark : Could you check again if you have now access to the repos settings? I've added @cme and you to the core group, as well as @cominu .

Currently it still says that the status is "DNS Check in Progress" and the "Enforce HTTPS" checkbox can't be checked because the domain is not configured correctly.

[theGreatWhiteShark]

I took some time to look into this matter. It seems both the DNS records reported above and the settings of the repo are perfectly fine. Still, Github tells me

DNS check unsuccessful

Both hydrogen-music.org and its alternate name are improperly configured
The custom domain for your GitHub Pages site is pointed at an outdated IP address. You must update your site's DNS records if you would like it to be available via your custom domain. For more information, see documentation (DeprecatedIPError).

When looking up the DNS records for www.hydrogen-music.org and hydrogen-music.org using dig I get both 192.30.252.154 and 192.30.252.153. These are still valid IPs for Github pages but HTTPS seems to be only supported for the (newer?) 185.199.1**.153 ones.

@cominu the changes you mentioned above do look perfectly right. But it seems they were never propagated. Could you check with the DNS provide whether your update was successful?