Does GitHub Pages Support HTTPS for www and @ subdomains?

Sweet. Can confirm that it still works for me- no need to re-issue anything, it’s a permanent solution it seems.

fre 3 juli 2020 kl. 18:49 skrev malcolmintematrix via GitHub Support Community <>:

Perfect! Simple and no worries about reissuing of certs.

1 Like

@igotinfected - I’m so glad to hear that worked for you, and welcome to the GitHub Support Community!

1 Like

I think I’m missing something here. What is the permanent solution that’s working for everyone in the last few comments? Thanks

Hi @sloth3toe, welcome to the GitHub Support Community! I think it’s my solution from a few posts up. Please let me know if this works for you!

P.S. It may also be @miesmandoki’s solution, which is basically the same. It just depends if you want www.domain.tld or domain.tld to be the primary domain people get redirected to. Mine is without the www and theirs is with the www. In both cases, entering either domain should work with no certificate errors for your visitors.


This solution worked for me. I had to remove a CNAME record I had for www and instead set up a synthetic record that was permanent with path forwarding and SSL. Thanks!

1 Like

Facing same issue @GalaxyAllie, https doesn’t work on both apex and www subdomain!

My project site is hosted on gh-pages. Custom domain setup on Github is GitHub commited a CNAME file with the URL as content. All OK till here.

I have setup DNS records like this as per documentation:

CNAME www pointing to my default user account site ( And A records of apex pointing to GitHub’s servers.

www gets directed to (OK). gets directed to (OK). (OK). shows security error as GitHub doesn’t provide certificate for www.

This is breaking a lot of existing project sites and has broken my site too. Please fix this GitHub ASAP. We love and trust you.

1 Like


I’m trying to follow these directions, but GoDaddy wont allow me to create a second CNAME record in the DNS settings. Can there only be one at a time? Currently mine is set to Name: “_domainconnect”, Value: “”, and TTL: 1 hour.

Would love any help, thanks!

My page support this: and

Same problem here- gets a complaint from Chrome.

Is there any difference between this and the usual instructions? I followed the latter and still got the issue.

I found a more recent post about this issue here Apex Domain Issued Invalid Certificate with GitHub Pages Custom Domain

But I don’t think there is an easy solution. In my case, the solution I found was to not use the www CNAME entry to the github website but instead redirect the www of my domain to my webhosting IP address.

This way I could generate a SSL certificate with my web hosting provider for my www domain.

Then I edited the .htaccess on my website to add redirection conditions from my www domain to my non-www domain (hosted on github).

I’d like to highlight that as well. I am a big fan of good documentation (and I do indeed read it carefully!) and the github documentation is indeed good in a lot of parts but here we have quite some room for improvement. I would really appreciated if the docs on this rather time-consuming topic (DNS changes, watinting for hours because of TTLs, and so on!) would be as accurate and detailed as possible. Please update your docs accordingly.

1 Like

I’d like to add that github docs are Open Source. I only recently realized that, since a very helpful github support agent clarified some things to me. I filed some PR’s and they were merged in a jiff Please, any of you who found anything being undocumented or you feel something is not satisfyingly documented, just take the time and file a PR. It would add so much for everyone! The github docs team is very helpful with reviewing and further improving your suggestions. Thanks! No, I don’t work for github! LOL

Hey all, just wanted to let you all know that this feature has shipped and GitHub can now secure both the www and apex versions of your domain :tada:

You’ll need to make sure that your DNS is set up for both the apex and www subdomain according to the documentation and GitHub will then request an SSL certificate that covers both.


It’s great that this is working now however one weakness I see is that requiring the WWW subdomain to be CNAMEd to exposes the Github username which some people might prefer to keep hidden. I understand that currently, CNAME’ing WWW directly to the apex domain doesn’t result in a WWW SSL certificate being created (it works great for non-SSL WWW to apex redirection), but is there an absolute technical reason this couldn’t be made to work?

I did have my apex domain (via A record) and www subdomain (via CNAME) setup, but the SSL certificate was not valid for the www subdomain. What I had to do was to deactivate the “Enforce HTTPS” option and re-activate it. Github pages then detected a change in the DNS settings and issued a new certificate, which was then valid for the www subdomain as well.