openemu.github.io icon indicating copy to clipboard operation
openemu.github.io copied to clipboard

Published 20 hours ago verified publisher icon OpenEmu

https://www.openemu.org has bad certificate

Open lilyball opened this issue 6 years ago • 7 comments

Trying to visit https://www.openemu.org serves me a certificate for www.github.com. The bare https://openemu.org works.

lilyball avatar Apr 17 '19 20:04 lilyball

Am aware. This is a side effect of GitHub's new support for automatic HTTPS for custom hosted domains (and some browsers like Safari's address bar sometimes forcing a www subdomain in front of the apex domain for typed-in addresses). I've seen this reported and unresolved by other projects -- the fix I assume is at the DNS level. In the mean time, our official URL is openemu.org and accessible via https/http without the www as always.

clobber avatar Apr 17 '19 20:04 clobber

Does github allow .htaccess so we could write a redirect to force the url to https sans www? I do this on all my linux hosted sites and it works very well.

craigerskine avatar Apr 18 '19 13:04 craigerskine

@craigerskine That presupposes being able to even talk to the site in the first place. You can't redirect someone if they don't accept your certificate.

lilyball avatar Apr 18 '19 22:04 lilyball

The certificate is working correctly for my GitHub Pages-hosted website. This is probably worth another look in the preferences.

skyzyx avatar Jun 23 '19 03:06 skyzyx

It is done in DNS level as docs say: https://help.github.com/en/github/working-with-github-pages/managing-a-custom-domain-for-your-github-pages-site#configuring-an-apex-domain

So somebody just need to login to Namecheap (registar and DNS provider) and add that "www" subdomain as a CNAME/ALIAS.

Triloworld avatar Nov 23 '19 22:11 Triloworld

@Triloworld Thanks for the 2 cents, but everything is configured properly at the DNS level, including the CNAME record. The issue is that GitHub only generates a certificate for the apex domain and no wildcards or www subdomains, so trying to resolve https://www.openemu.org simply will not work and browsers will rightly complain about it. I've seen enough complaints on GitHub forums already requesting they change the certificates.

This is not our problem. The OpenEmu domain is openemu.org and not www.openemu.org.

clobber avatar Nov 24 '19 14:11 clobber

@clobber it's working now fine - there is now proper redirect and ssl cert with alternatives names :) For further reference: https://www.ssllabs.com/ssltest/analyze.html?d=openemu.org&hideResults=on&latest

DNS CAA records missing to add some security and seo boost point (guide: https://nikhilshares.medium.com/publishing-github-page-website-on-a-custom-domain-with-https-enforcement-c034e1e53415#67b4) - Value to add letsencrypt.org in CAA record for domain and all subdomain for futher development as branch previews.

openemu.org.  CAA 0 issue "letsencrypt.org"
openemu.org.  CAA 0 issuewild "letsencrypt.org"

Thx for great work.

Triloworld avatar Jan 04 '23 12:01 Triloworld