maidsafe-archive / maidsafe.github.io


Connection with https:// shows a certificate warning #61

Open rnestler opened 9 years ago

rnestler commented 9 years ago

When connecting to https://maidsafe.net/ one gets a certificate warning: [image: fail]

dirvine commented 9 years ago

As all info is static and not for taking info or any user input then it's hosted on GitHub. So there is no https:// for the site. Currently not required. Cheers though for the feedback.

schmijos commented 8 years ago

Content being static is not a satisfying reason for not serving HTTPS. Everybody could MITM and compromise the HTTP traffic and use a 0-day against any visitor of your website.

In your case using Cloudflare would be a cheap but better solution since at least the communication between Cloudflare and the user would be encrypted.

Viv-Rajkumar commented 8 years ago

This has been something that's been discussed and in a to-do for a while.

While using Cloudflare seems like a decent choice to have the data between the user and Cloudflare encrypted, it's still a bit misleading to the end user as mentioned with the second caveat here.

From that post:

An attacker who could get between CloudFlare and GitHub could have altered the form in transit to send payment information to anywhere they wanted.

Then you wonder would the users seeing this as a trusted connection (in their browser) with Cloudflare hurt more than help in this case.

Think ideally we might want to move hosting off GitHub Pages for the main site until we had support for this in GitHub. I'll reopen this ticket so it doesn't go into a backlog and hopefully we can get this actioned soon.

frabrunelle commented 8 years ago

The easiest solution IMO would be to use GitLab Pages instead of GitHub Pages since GitLab now has support for HTTPS (support for custom domains and TLS certificates was added in GitLab 8.5, which was released two months ago).

Secure your custom domain website with TLS

When you add a new custom domain, you also have the chance to add a TLS certificate. If this setting is enabled by your GitLab administrator, you should be able to see the option to upload the public certificate and the private key when adding a new domain.

GitLab

They even have a tutorial that shows how to use Let's Encrypt with GitLab Pages: Tutorial: Securing your GitLab Pages with TLS and Let's Encrypt. They are also planning to add built-in support for Let's Encrypt.

rnestler commented 6 years ago

https://maidsafe.net/ now actually works and uses a Let's Encrypt certificate! There are some warnings about mixed content, but I think we can close this issue. [image: mixed_content]