Using CloudFlare (CDN) with GitHub Pages and SSL/TLS Full or Full (Strict) and Proxied DNS prevents GitHub Pages Certificate Renewal #153

Open
ARGYROU-MINAS opened this issue Mar 17, 2023 · 3 comments

Comments

@ARGYROU-MINAS

I am hosting my personal webpage on GitHub Pages with a custom domain and using CloudFlare for DNS etc. I am using the Full (Strict) mode for TLS/SSL and Proxied DNS. When GitHub Pages tries to renew, it is already expired and CloudFlare cannot connect to the Origin server due to the invalid (expired) certificate. Since a connection to Origin cannot be established, GitHub cannot renew its certificate.

Ways to solve this MANUALLY are to either use TLS/SSL Flexible (haven't tried it but I presume it would work, since it doesn't require TLS between Origin and CloudFlare), or disable the Proxied DNS, becoming DNS Only, until GitHub Pages renews its certificate and then re-enable Proxied DNS.

Just in case it's needed, here is the URL: https://argyrouminas.eu.

Any suggestions on how to solve this permanently? It's frustrating to have to manually do this every 3 months.

This issue, I suppose, is not specific to CloudFlare, but to any external CDN.

Thanks in advance!

P.S.:

I have found this: https://gist.github.com/zbeekman/ac6eeb41ea7980f410959b13416d74c9

But, even if the GitHub Pages' certificate weren't expired, it still wouldn't work, since GitHub checks that the DNS servers are pointed to the GitHub Pages addresses. Any workarounds?

@parkr
Contributor

parkr commented Mar 17, 2023

I don't work at GitHub anymore, but they had a CDN already for Pages. Why not use their CDN instead of Cloudflare? I personally turn proxying off for my Cloudflare-managed domains that are running on Pages.

@ARGYROU-MINAS
Author

CloudFlare gives the option for Rules, statistics, WAF etc. In any

> I don't work at GitHub anymore, but they had a CDN already for Pages. Why not use their CDN instead of Cloudflare? I personally turn proxying off for my Cloudflare-managed domains that are running on Pages.

Granted, I don't serve much content at the moment, since it is mainly to reserve the domain for the future, but not have it parked for GoDaddy to run ads :P , but CloudFlare provides granular caching settings, Rules (which I am already using), etc. GitHub Pages doesn't offer all that.

@yoannchaudet
Contributor

I have not used Cloudflare in a while but if they have any URL rewriting features, how about leaving your Pages site on the github.io domain and just proxying it via Cloudflare?

Your site will be reachable on the github.io domain, but if you care, that's not something a bit of JavaScript cannot fix. Not ideal, but we don't support anything on the server side to do what you are after.
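
One way to catch the failure described in this issue before the proxy starts rejecting the origin, as an added example (not code from this thread or from GitHub): a Python check that connects to the Pages origin directly, sends the custom domain as SNI, and reports whether the origin certificate is still valid and how close it is to expiry. It assumes the origin is reachable as `<user>.github.io` and serves the custom-domain certificate by SNI; the 14-day threshold and all function names are also assumptions.

```python
import socket
import ssl
import sys
import time

WARN_DAYS = 14  # assumed threshold, not a value from the thread


def origin_not_after(domain, origin_host, port=443, timeout=10):
    """Return the notAfter string of the certificate the origin presents for `domain`.

    Connects to origin_host (bypassing the proxied DNS record) and sends
    `domain` as SNI. Raises ssl.SSLCertVerificationError if the certificate
    is expired or otherwise does not validate for `domain`.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((origin_host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=domain) as tls:
            return tls.getpeercert()["notAfter"]


def classify(not_after, now, warn_days=WARN_DAYS):
    """Map a notAfter string and a Unix time to 'ok', 'renewal-due' or 'expired'."""
    days_left = (ssl.cert_time_to_seconds(not_after) - now) / 86400
    if days_left <= 0:
        return "expired"
    return "renewal-due" if days_left <= warn_days else "ok"


def check(domain, origin_host, now=None, fetch=origin_not_after):
    """Return (status, detail); 'invalid' means the origin certificate failed validation."""
    now = time.time() if now is None else now
    try:
        not_after = fetch(domain, origin_host)
    except ssl.SSLCertVerificationError as exc:
        # verify_message is set on errors raised by the ssl module itself
        return "invalid", getattr(exc, "verify_message", None) or str(exc)
    return classify(not_after, now), not_after


if __name__ == "__main__":
    # usage: check_origin.py <custom-domain> <user>.github.io
    status, detail = check(sys.argv[1], sys.argv[2])
    print(f"{status}: {detail}")
    sys.exit(0 if status == "ok" else 1)
```

Run from a scheduler, a non-zero exit is the cue to apply the manual workaround from the first post (switch the record to DNS Only until the certificate is renewed, then re-enable proxying).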
