42

How can I get https://www.test.com to redirect to https://test.com when using GitHub pages to host a static website?

I recently enabled TLS (provided by GitHub/Lets Encrypt) for my static site by setting A records at my DNS provider (namecheap). I've also chosen to "Enforce HTTPS" option in my GitHub repository's settings, which handles redirecting requests from http://test.com to https://test.com. I have a redirect configured through my DNS provider which forwards http://www.test.com to https://test.com, but the one missing piece of the puzzle is forwarding https://www.test.com to https://test.com.

Regarding this issue, GitHub says, "If your domain has HTTPS enforcement enabled, GitHub Pages' servers will not automatically route redirects. You must configure www subdomain and root domain redirects with your domain registrar."

... and my DNS provider says, "It is not possible to set up a URL redirect in the account for the TCP port forwarding from http://www.domain.tld (uses port 80) to https://www.domain.tld (working via port 443)."

I seem to be caught in an infinite loop of the two services saying the other should provide this functionality.

pdoherty926
  • 9,895
  • 4
  • 37
  • 68
  • Use @ajzbc's answer, but reobtain your certificate with certbot, making sure you have both test.com and www.test.com as domains. (`-d test.com -d www.test.com` instead of `-d test.com`) – Eric Reed Mar 10 '19 at 20:44
  • Thanks for this suggestion, @HewwoCraziness. If I were to do this, would I be on the hook for updating the cert every 90 days? As of now, GitHub handles that for me. – pdoherty926 Mar 12 '19 at 18:27
  • 1
    Looks like you can add a custom domain with HTTPS enabled under GitHub's settings: https://ayesh.me/GitHub-HTTPS (If this doesn't work, yeah, you can fallback to manually updating and adding the cert every 90 days, or finding a way to automate that.) – Eric Reed Mar 12 '19 at 21:14

3 Answers3

37

What worked for me:

  • Change your custom domain to be prefixed with www., like this: form

  • Save the settings and wait until www.example.com resolves and works.

  • Remove the www. prefix and save again.

  • Wait for browser and DNS caches to invalidate.

  • All combinations should lead to https://example.com/ and no SSL error should appear.

Paul
  • 6,061
  • 6
  • 39
  • 70
  • 1
    why should I "Remove the www. prefix and save again."? Why this solution works? I do not understand... – Shi Dec 05 '19 at 09:58
  • 8
    Hold on a second. Is this tricking github certbot to generate a certificate for both www and naked domain? But then at end of the validity, it will only renew the current naked domain certificate most probably. – Sudarshan Kadam Dec 17 '19 at 19:49
  • @SudarshanKadam good question. One of my domains expires in a month, I'll check when it renews. – Paul Dec 18 '19 at 08:02
  • 5
    @SudarshanKadam so my cert was re-newed, and the www prefix still works. – Paul Jan 17 '20 at 18:45
  • 2
    Thank you @Paul for confirmation. – Sudarshan Kadam Jan 18 '20 at 20:27
  • 3
    I'll be damned; this worked. In order to not lead others astray, I'll accept your answer after the cert gets renewed and this continues to work. How did you figure this out? Have you reached out to anyone at either GitHub or LetsEncrypt to try and figure out what is actually going on here? – pdoherty926 Apr 05 '20 at 03:15
  • My wild guess: Once you configure a CNAME for your GH pages site, GH pages uses LetsEncrypt's certbot to request a SSL certificate for that domain. In a typical certbot installation this will [automatically register the certificate for renewal](https://certbot.eff.org/docs/using.html#modifying-the-renewal-configuration-file); normally all installed certificates are renewed with a single `certbot renew` command. If you then modify the CNAME it seems that they don't bother to revoke the previous certificate. – Grodriguez Apr 08 '20 at 08:12
  • @pdoherty926 I found about it accidentally while trying various things to solve this. Didn't contact GitHub or LetsEncrypt about it. – Paul Apr 30 '20 at 11:10
  • @pdoherty926 Gentle reminder to "accept your answer after the cert gets renewed and this continues to work."... if it did :) – Thomas Apr 30 '20 at 17:25
  • @Thomas The current cert expires on 7/15/2020. – pdoherty926 May 25 '20 at 14:25
  • 3
    I can confirm that my cert was renewed sometime within the last week. – pdoherty926 Jun 22 '20 at 19:50
  • 1
    Even though this seems to be working at the moment, isn't this a hack that GitHub could "fix"? I don't wanna have to always check if certificates renew properly. – Michael Schnerring Oct 22 '20 at 20:37
  • Though this works at the moment! But when I checked this after a week, its back to the previous condition! Its just that I have checked after a week, it might have stopped working earlier! – Ankur Shah Oct 27 '20 at 15:07
  • (...from prev. comment) Again, when I added the domain with `www` in `A record` then it started working again! – Ankur Shah Oct 27 '20 at 19:12
  • This solution stopped working at some point without any changes to the GH settings or DNS records with my provider. I'm in the process of retrying and waiting for DNS to be updated and the cert to be reissued and will report back. This is not encouraging, though. You'd think GH would have a more reliable solution for what must be a very common (the most common?) setup. – pdoherty926 Dec 23 '21 at 13:56
  • Replacing my four A records pointing to GH's IPs with an ALIAS record pointing to the default domain user.github.io seems to have solved the problem. I'm not sure what to make of this but it doesn't leave me feeling very encouraged about this approach as a long term solution. – pdoherty926 Dec 26 '21 at 19:17
4

GitHub Pages handles redirection between the apex domain and www subdomain automatically as long as you configure the DNS records correctly.

From the GitHub Pages documentation on configuring an apex domain:

If you configure the correct records for each domain type through your DNS provider, GitHub Pages will automatically create redirects between the domains. For example, if you configure www.example.com as the custom domain for your site, and you have GitHub Pages DNS records set up for the apex and www domains, then example.com will redirect to www.example.com. Note that automatic redirects only apply to the www subdomain.

While the docs discuss redirecting from the apex domain to the www subdomain, the reverse direction works as well.

If the apex domain is the desired target (as in this question): set the custom domain value to just example.com.

If the www subdomain is the desired target: set the custom domain value to www.example.com.

Again, this works as long as DNS records are correctly configured for both the apex domain and www subdomain, as described in the docs.

Not the point of this question, but the question When should one use a 'www' subdomain? offers some good insight on using the www or not.

Henry Woody
  • 14,024
  • 7
  • 39
  • 56
0

None of the answers here worked for me, so to fix it, I set up a forward domain on my Domain Provider (Google Domains).

I made my www subdomain point to my main domain with the following configuration:

  • Permanent redirect (301)
  • Forward path
  • SSL On
OscarVGG
  • 2,632
  • 2
  • 27
  • 34