An update on HTTPS certificate issues

Posted:  • 2 minute read

For a little over a year now, this website has been enforcing HTTPS over both its www subdomain and the apex domain. These certificates are kindly provided automagically by GitHub in a partnership with Let’s Encrypt.

In May, the certificate for my website expired. Expecting GitHub to be on top of this, at first I did not take any action. Some of you have reached out to me about the issue, which prompted me to contact GitHub to figure out why my certficate wasn’t being renewed.

They replied very quickly (thanks!), and at first my AAAA records seemed to be the issue as GitHub Pages currently doesn’t support IPv6 (I thought I followed GitHub’s instructions to the letter when I set up HTTPS a year ago, but I may remember wrong). This worked and my certificate was renewed. Yay!

However, I was still getting the expired certificate warning when browsing to A round trip with GitHub support later, it turns out that GitHub does not support creating a certificate that covers both your root domain and your www subdomain. I do remember my website working just fine over both domains for the last year, so how this worked (or didn’t!) is a mystery to me. In any case, I have removed the A records from my DNS settings (thus removing my apex domain, and now everything is fine and dandy again. With the publishing of this blog post, all internal references should go over the www subdomain.

The timing of this was a bit unfortunate, since I was away on vacation for two weeks. This is one of the reasons that fixing this took over a month. I apologise for any inconvenience and I thank those of you that have reached out to me. It’s always nice to know that people read what I have to say and care enough to reach out!