Armand Grillet

Enforce HTTPS on GitHub Pages with a Gandi domain name, for free

My personal website was still accessible using HTTP until recently and, even if it doesn’t matter much for such a website, I wanted to change that.

My domain is on Gandi, which doesn’t offer free SSL certificates for existing domain names. The solution I’ve found to enforce HTTPS is to use CloudFlare, here is a tutorial about how to configure this.

Initial setup

Getting rid of Gandi

First, we’re gonna get Gandi out of the equation.

Go on Cloudflare, add a site, and then go to the “DNS” tab.

Copy the provided Cloudflare nameservers and use them in Gandi: <yourdomain.com>/nameservers/External domain names.

Gandi

We will not use Gandi anymore.

Setting Cloudflare to know about your Github Pages project

GitHub has documentation about managing a custom domain: https://docs.github.com/en/[email protected]/github/working-with-github-pages/managing-a-custom-domain-for-your-github-pages-site#configuring-a-subdomain

Follow the help and create the CNAME record in Cloudflare (still in the DNS management section of your site).

This should be enough to have your website hosted on GitHub being displayed when accessing your domain using a web browser.

Enforcing HTTPS

The settings of your GitHub project will sadly not allow you to enforce HTTPS.

GitHub HTTPS

This is where Cloudflare becomes important. Go back to it and go to the “Page Rules” tab.

From there, create a rule on <yourdomain.com>/* where the settings are “Always use HTTPS”.

This should be enough to make your website accessible via HTTPS and even redirect users visiting http://<yourdomain.com> to the HTTPS equivalent.

Updating your SSL/TLS encryption mode

Last but not least, you can change your SSL/TLS encryption mode on Cloudflare. Just go on the “SSL/TLS” tab and update it. Personally, I have it set up to Full.

@ArmandGrillet