Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Monocat Lvl 1
Message 1 of 5

Certificate error

This is a noob problem, but anyway:

 

Whenever I try to access my github page site, I get a certificate error:

 

The server blog.teratomaquia.com.br uses an invalid security certificate. The certificate is only valid for the following names: www.github.com, *.github.com, github.com, *.github.io, github.io, *.githubusercontent.com, githubusercontent.com Error code: SSL_ERROR_BAD_CERT_DOMAIN

 

I've setup everything correctly, as far as I know.

4 Replies
Tricat Lvl 2
Message 2 of 5

Re: Certificate error

Github pages available via https only if you use *.guthub.com domain. If you will take a look at repository settings:

33528745-8ea31b5c-d876-11e7-9de7-3a2f9222b97f.png

 

and yes, Chrome show warnings about certificate:

33528725-41c0b3f8-d876-11e7-892b-0bbc240b42ae.png

 

I used the hack which explained here: but then you will need a free account at CloudFlare and update your DNS records.

Tricat Lvl 2
Message 3 of 5

Re: Certificate error

I also ran into this problem yesterday, when running a tool that does not use http unless an https request first fails to connect. I was surprised to find that disabling "Enforce HTTPS" didn't actually disable https, and that Pages would still try to send a github certificate. It doesn't seem that there's anything a user can do if they don't need or want https for their site, which seems like a bug.

Community Manager
Message 4 of 5

Re: Certificate error

Hi all! Great questions and conversation here. I have some more info that I think will help.

We respond over both HTTP and HTTPS for all sites. Some users put proxies, like Cloudflare, in front of their site, but this means we can't downgrade from HTTPS to HTTP. This is because HTTPS might work, but we don't know that at our end. If a user (or tool) explicitly requests HTTPS, we'll serve it with whatever cert we have, but only if the user requests it.


Enforcement is specifically about redirecting HTTP to HTTPS. When not enabled, we don't redirect, but still serve HTTPS.


Having said all that, this particular issue isn't really a bug, because to us, the visitor is explicitly asking for HTTPS.


As mentioned above, if you're unable to hard-code HTTP, adding Cloudflare in front of your site can allow you to support HTTPS.


HTTPS for custom domains is one of our most frequent features requests, and I can tell you that it's something we're working on (though I can't specify a timeline for that).

I hope this helps!

Highlighted
Tricat Lvl 2
Message 5 of 5

Re: Certificate error

Thanks for explaining!