Redirect www subdomain to apex domain #23351
-
Referencing this issue where yoannchaudet said to post over here, we are experiencing the issue described and need guidance on our GitHub pages config and DNS record config. Thanks! The GitHub pages website is onnxruntime.github.io, with apex domain onnxruntime.ai and www subdomain. If there is a doc describing this, happy to follow that. Thank you! |
Beta Was this translation helpful? Give feedback.
Replies: 5 comments
-
Hello! We document how to secure both an apex domain and the www variant here. In your case you simply need to change your custom domain to Let me know if that helps! |
Beta Was this translation helpful? Give feedback.
-
Thank you for the quick reply! We are now getting a persistent TLS cert error. These are the DNS records. Any idea what is wrong here? Thanks again! |
Beta Was this translation helpful? Give feedback.
-
I pulled logs for your specific certificate and can see that all requests to provision the certificate have failed consistently. I think this is because your domain is pinning a single certificate authority: GitHub Pages is using Let’s Encrypt so you will either need to remove the restriction you have in place (i.e. remove the I’ll make a note for us to improve the detection. Once your DNS is adjusted your certificate should provision just fine. It may take few hours though since the few background retries that are happening automatically now are counting toward Let’s Encrypt’s per-domain rate limits. |
Beta Was this translation helpful? Give feedback.
-
Awesome, thank you for that! I’ve applied to get that record removed. Hopefully will resolve things. Thanks again for the speedy response, and yes any extra diagnostics would be very helpful |
Beta Was this translation helpful? Give feedback.
-
I can see the DNS change propagated and your certificate has been issued 🎉 |
Beta Was this translation helpful? Give feedback.
I pulled logs for your specific certificate and can see that all requests to provision the certificate have failed consistently.
I think this is because your domain is pinning a single certificate authority:
GitHub Pages is using Let’s Encrypt so you will either need to remove the restriction you have in place (i.e. remove the
CAA
record) or add Let’s Encrypt to the list (i.e. add an extraCAA
record with value0 issue "letsencrypt.org"
). We briefly describe this in our documentation and you can learn more aboutCAA
on Let’s Encrypt’s website directly.I’ll make a note for us to improve the detection.
Once your DNS is adjusted your certificate should provision just …