I recently got a notice from my domain provider that my SSL certificate for www.rubaniuk.com will expire in 1 month and that I need to renew it. I opened this blog and noticed that the certificate has expired already, I decided to dig deeper and found out that GitHub Pages aren’t receiving new cert from my Certificate Authority!
This wasn’t great user experience and that got me thinking: what if I switched to free LetsEncrypt Certificate Authority? Let’s do just that!
First, let’s delete existing CNAME file with domain in it:
Second, let’s configure Certification Authority Authorization record (CAA record) - you can do it in settings for your domain at your domain registrar’s website. For my custom domain the settings were as follows:
Third step - let’s re-create CNAME file with the custom domain as the only line in it:
The TLS certificate was issued nearly instantly and I was able to check “Enforce HTTPS”.
LetsEncrypt updates TLS certificates every 90 days. The cert was had an expiration date of “Saturday, April 30, 2022 at 9:03:18 PM Pacific Daylight Time” at the moment of writing this post.
The certificate should auto-renew in 90 days and I will post an update if I see any issues.