GitHub Pages and Quakkels.com

Feb 12, 2020

System Administration

By: Brandon Quakkelaar

So I must’ve been under a rock for the last 21 months because it wasn’t until this week that I learned that GitHub Pages now supports SSL certificates for custom domains. They’ve had SSL support since 2016 for sites using {user}.github.io domains. But it has also been available for custom domain sites (like this one) since May of 2018.

Before the feature was upgraded there were hacks to get around the custom domain limitation. Back then, when I was investigating, I decided it wasn’t worth the complexity and effort. Quakkels.com is just a personal blog built with a static site generator using a free hosting service. I didn’t see the need to spend too much effort on a hacky solution for adding SSL to it. SSL was a “nice to have” feature, but not critical to me.

When I decided to look into it again, I was surprised that custom domain SSL’s were supported. Pleased as I was to learn this I was also slightly dismayed that I was ignorant for so long about the new GitHub feature.

Updating was simple enough. Years ago GitHub Pages had me create A Records pointing to a couple of their IP addresses. That method of setting up the domain is not compatible with the SSL feature they provide now. So I simply had to remove those A Records, and and replace them with a CNAME pointing to quakkels.github.io.

I monitored the propogation of those setting with dig, as GitHub recommends.

$ dig quakkels.com +nostats +nocomments +nocmd

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> quakkels.com +nostats +nocomments +nocmd
;; global options: +cmd
;quakkels.com.			IN	A
quakkels.com.		228	IN	CNAME	quakkels.github.io.
quakkels.github.io.	2029	IN	A	185.199.108.153
quakkels.github.io.	2029	IN	A	185.199.111.153
quakkels.github.io.	2029	IN	A	185.199.109.153
quakkels.github.io.	2029	IN	A	185.199.110.153

Once I saw the updated CNAME pointing to quakkels.github.com then I headed back over to my GitHub Pages settings to turn on SSL. I had to wait a few minutes for the SSL cert from LetsEncrypt to be available. Once that was online then all I needed to do was check the box to turn on SSL.

The last thing I needed to do was on my end rather than on GitHub’s end. I needed to update my Hugo config.toml to use https for the base url, re-generate the blog, and git push the changes.

Further Reading