Strictly speaking, it's not necessary for you to verify that you have control of the parent namespace, i.e. the superior domain for which you have requested a TLS server certificate, or to implement CAA.

Let's Encrypt will automatically issue the certificate via GitHub Pages automation as long as the common name in the signing request generated by GitHub resolves to the GitHub Pages server IP address. So, troubleshooting: is that the case? Is it working without Enforce HTTPS enabled?

The automation to request and issue the server certificate does entail a significant workload at scale, and so it is conceivable too, as you suspected, that there is simply a delay in issuance.


The Let's Encrypt bots at GitHub MUST see the GitHub IP addresses in order to create the certificate dynamically. Consequently, if you're using Cloudflare (or similar), you'll need to unproxy the CNAMEs pointed to GitHub, so that the robots see GitHub IPs and not Cloudflare (or other) IP addresses.

Once the Let's Encrypt robots confirm that the route is pointed to their own infrastructure, then the certificate will be properly created and set up for that custom domain name.
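
The check both answers point to (does the custom domain resolve to GitHub Pages addresses, or to a proxy's?), as an added example that is not part of either answer or of GitHub's tooling. It classifies pasted `dig +noall +answer` output; the GitHub Pages addresses and the two Cloudflare ranges are assumptions taken from those vendors' published lists, and the sample records and domain names are constructed.

```python
import ipaddress

# Assumption: the four A-record addresses GitHub documents for Pages apex domains.
GITHUB_PAGES_IPS = {ipaddress.ip_address(a) for a in (
    "185.199.108.153", "185.199.109.153", "185.199.110.153", "185.199.111.153")}
# Assumption: two of Cloudflare's published proxy ranges, enough for the common case.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in ("104.16.0.0/13", "172.64.0.0/13")]

# Constructed sample: CNAME set to DNS-only, so resolvers see GitHub addresses.
DNS_ONLY = """\
www.example.org.       3600 IN CNAME exampleuser.github.io.
exampleuser.github.io. 3600 IN A     185.199.108.153
exampleuser.github.io. 3600 IN A     185.199.109.153
"""
# Constructed sample: proxied record, flattened to the proxy's own addresses.
PROXIED = """\
www.example.org. 300 IN A 104.21.10.20
www.example.org. 300 IN A 172.67.150.30
"""

def parse_answer(text):
    """Parse `dig +noall +answer` lines into (name, type, value) tuples."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN" and f[3] in ("A", "CNAME"):
            records.append((f[0].rstrip(".").lower(), f[3], f[4].rstrip(".").lower()))
    return records

def classify(domain, text):
    """Follow the CNAME chain from domain and report where the final A records point."""
    records = parse_answer(text)
    name, seen = domain.rstrip(".").lower(), set()
    while name not in seen:  # the seen set stops a CNAME loop
        seen.add(name)
        target = next((v for n, t, v in records if n == name and t == "CNAME"), None)
        if target is None:
            break
        name = target
    addrs = [ipaddress.ip_address(v) for n, t, v in records if n == name and t == "A"]
    if not addrs:
        return "no-a-records"
    if all(a in GITHUB_PAGES_IPS for a in addrs):
        return "github-pages"
    if any(a in net for a in addrs for net in CLOUDFLARE_NETS):
        return "proxied-cloudflare"
    return "other"

if __name__ == "__main__":
    print(classify("www.example.org", DNS_ONLY), classify("www.example.org", PROXIED))
```

A result other than `github-pages` for the custom domain matches the situation the second answer describes, where the record has to be switched to DNS-only before the certificate can be issued.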