Above, Below, and Beyond Tech Talk

by Rahel Lüthy

May 3, 2018

GitHub Pages Custom Domains Via HTTPS

Two days ago, GitHub announced the support of HTTPS for custom domains. In addition to this blog, I maintain a few websites for friends and family, all configured through A records – time for migration!

Officially, the migration is a simple matter of toggling the “Enforce HTTPS” button, but the button was disabled for all of my sites. The explanation wasn’t particularly encouraging: Unavailable for your site because your domain is not properly configured to support HTTPS.

Well, time for RTFM (not my favorite hobby).

These are the steps that finally worked for me:

HTTPS Migration Steps

Step 0: Mixed Content Prevention

First things first: Prepare your site’s content. Ensure that all your assets (links to CSS, JS, etc.) are loaded via HTTPS. Otherwise browsers might block your “Mixed Content”.

Step 1: DNS A-Record Migration

On your provider’s website, change all A records to point to the following four new IPs:
 

192.30.252.153

192.30.252.154

185.199.108.153

185.199.109.153

185.199.110.153

185.199.111.153
 

This change might take a few hours to become effective (depending on the TTL). Use dig to check whether the new DNS configuration is ready:

dig netzwerg.ch +noall +answer

It should look like this:

; <<>> DiG 9.10.6 <<>> netzwerg.ch +noall +answer
;; global options: +cmd
netzwerg.ch.		10800	IN	A	185.199.110.153
netzwerg.ch.		10800	IN	A	185.199.111.153
netzwerg.ch.		10800	IN	A	185.199.108.153
netzwerg.ch.		10800	IN	A	185.199.109.153

Step 2: Trigger Certificate Generation

In order for GitHub to detect that your site is now ready for migration, you apparently need to trigger a detection script. Any change to your repository’s CNAME file will do, so e.g. make a minor change and revert it, or make a harmless whitespace edit. As a result, GitHub will now generate the certificates necessary for HTTPS.

Step 3: Wait For Certificate Availability

Now the “Enforce HTTPS” button will still be disabled, but the explanation will be much more encouraging: Not yet available for your site because the certificate has not finished being issued. More patience required, we’re getting there…

Step 4: Enforce HTTPS

It might take a few hours, but as soon as this message is gone, you can access your site via HTTPS. Check that everything still works (particularly your new HTTPS asset links). Once you’re happy, toggle the “Enforce HTTPS” switch – Voilà!

Written by Rahel Lüthy — Generated by Hakyll