Is there any news on this topic? Or at least a confirmation that one day github will protect "example.com" and "www.example.com" via ssl?
I will be a +1 on that request.
Just bought a .dev domain and was planning on keep it on github as a cv page, but since it needs an SSL cert (.dev rules) now I can't access it from the www subdomain. Not that I actively use it or share the url with it, but it's good to have the option. Right now the visitor will receive a cert error.
I understand not generating * certs to avoid abuse, but a www is pretty default and should be generated together with the apex domain when the repository is configured to a apex, since it's the same thing.
I think I've managed to make this work by accident.
example.com in the github pages settings.
@ on example.com domain pointing to github web servers
www CNAME @
http:\\example.com - works
https:\\example.com - works, cert good
http:\\www.example.com - works
https:\\www.example.com - cert error
For an experiment, I went into the github pages settings and set the config to be www.example.com.
My experiment didn't work, so I flipped it back.
But now https:\\www.example.com works, and https:\\example.com does too. SSLLabs is happy with both certificates (which are from Let's Encrypt).
It may be that flipping the setting to www caused a new certificate to be generated. Time will tell whether this cert gets renewed at its 3 month expiry time, or whether github forgets about it. Anyway, it seems to work for now.
Any update on this? Having users meet Chrome's "Your connection is not private" screen when they incude/exclude the www subdomain is a bit of a massive problem.