Hacker News new | past | comments | ask | show | jobs | submit login

While that's true, I think the discussion in that issue has gone more towards HTTPS support for custom domains.



> While that's true, I think the discussion in that issue has gone more towards HTTPS support for custom domains.

A huge number of those "+1 for HTTPS on custom domains" don't seem to understand/appreciate the difference in providing HTTPS on the *.github.io (one wildcard cert) vs. HTTPS support for custom domains.

The latter would require an interface (UX being key here) and storage for uploading your own domain certificates to GitHub, which is nothing like any other part of GitHub right now. I also presume that most of these "+1's" would want this service to remain free.


You could always use CloudFlare directly for that... I would presume that their underlying connection to Github is very close and reliable in terms of risk for MITM.


Even better, you could CNAME your custom domain into the *.github.io domain, which is protected by a wildcard https.

So you traffic between CloudFlare and GitHub will also be secured.


Last I checked, this doesn't actually work with the way *.github.io is set up.


I wonder if letsencrypt will allow that to become practical?




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: