Redirect www to non-www address for a subdomain hosted on github-pages

I want to host my personnal website on GitHub pages. For now, it’s extremely blank, but it is: https://mathieu.scheltienne.net
I want to redirect the www variant http://www.mathieu.scheltienne.net and https://www.mathieu.scheltienne.net but wasn’t able to get it to work.

The configuration is:

  • a CNAME record from mathieu to mscheltienne.github.io (which enables the address https://mathieu.scheltienne.net)
  • in SSL/TLS → Edge certificates: Always use HTTPS
  • In Rules → Pages Rules:
URL: https://www.mathieu.scheltienne.net/* 
Forwarding URL        301 - Permanent redirect
Destination URL: https://mathieu.scheltienne.net/$1

Following what I found on other posts on this forum, e.g. Redirecting www to non www - #28 by Judge among others.

No luck so far, I would appreciate guidance in this matter. Looking forward to learning new tricks!

Mathieu

You need a DNS record for www.mathieu so that will work for http…
https://cf.sjr.org.uk/tools/check?1bbd556f6b6444b1a5c448564b1117c6#dns
Use a dummy proxied value of A 192.0.2.1 or AAAA 100:: as this is just for a redirect.

For https, as www.mathieu.scheltienne.net is a second level subdomain, it isn’t covered by the Universal SSL certificate (which is for scheltienne.net and *.scheltienne.net) so you’ll need to use the Advanced Certificate Manager.

2 Likes

@sjr Thank you for the answer. This ‘dummy’ DNS record was not obvious to me.
Indeed, the certificate is not valid/working; but the advanced certificate manager (which looks handy) is a bit expensive for this one and only use-case. Do I have alternatives I could use, even if they require more work on my end?

On GitHub, the documentation says:

When you set or change your custom domain in the Pages settings, an automatic DNS check begins. This check determines if your DNS settings are configured to allow GitHub to obtain a certificate automatically. If the check is successful, GitHub queues a job to request a TLS certificate from Let's Encrypt. On receiving a valid certificate, GitHub automatically uploads it to the servers that handle TLS termination for Pages. When this process completes successfully, a check mark is displayed beside your custom domain name.

But this DNS check is never finishing. Are the certificate from Cloudflare overwriting those from Let’s Encrypt received requested by Github? Does it have something to do with the DNS record being Proxied?

Probably. Set the CNAME to “DNS only”, that should allow the certificate to be generated. You can try to re-enable the proxy afterwards, but when the certificate needs to be renewed you’ll need to set back to “DNS only” again. The Github certificate will need to include your domain name from Cloudflare, so if you can’t do that, then just leave set at “DNS only”.

When proxied, users will see the Cloudflare edge SSL certificate. Ensure your SSL/TLS settings are set to “Full (strict)” here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls
…so Cloudflare validates the certificate at Github.

If you get a 526 error later, then the certificate at Github has expired.

2 Likes

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.