Support HTTPS (TLS) connections to project custom domains

[david-a-wheeler]

GitHub supports https on their main site, and as of June 2016, GitHub supports HTTPS on github.io pages (see https://github.com/blog/2186-https-for-github-pages). And that's great!

However, if projects use their own custom domain, and serve it via GitHub project pages, then HTTPS is not currently supported. There’s a workaround, but it’s not clear that it’s really secure and it imposes additional complexities: https://developer.ubuntu.com/en/blog/2016/02/17/how-host-your-static-site-https-github-pages-and-cloudflare/. Many projects use github.io pages; a sample list is here: https://github.com/showcases/github-pages-examples

Please add support for HTTPS to project custom domains; that will complete the protection of GitHub-hosted material via HTTPS.

[edunham]

This feature would have prevented a lot of inconvenience for the Rust project, where we had to set up and debug a CDN as a workaround (https://github.com/rust-lang/rust/issues/13180). With the advent of Let's Encrypt, getting certs for arbitrary domains can be easily automated with minimal overhead for the domain owner. Please support HTTPS on custom domains.

[david-a-wheeler]

Note that this is not a new unknown issue. Eric Mill said: "Of course, the work's not done until GitHub Pages supports HTTPS for custom domains. GitHub hosts a huge number of project, personal, and conference sites that use custom domains -- including GitHub's own CodeConf site -- which all continue to put their users at risk." https://konklone.com/post/github-pages-now-sorta-supports-https-so-use-it

[david-a-wheeler]

See also: Add HTTPS support to Github Pages including custom domains.

[clarkbw]

This 🚢'd! https://blog.github.com/2018-05-01-github-pages-custom-domains-https/

[caniszczyk]

AWESOME! thanks for the reminder