Migrating Jekyll Blog's SSL certificate to LetsEncrypt
I recently got a notice from my domain provider that my SSL certificate for www.rubaniuk.com will expire in 1 month and that I need to renew it. I opened this blog and noticed that the certificate has expired already, I decided to dig deeper and found out that GitHub Pages aren’t receiving new cert from my Certificate Authority!
This wasn’t great user experience and that got me thinking: what if I switched to free LetsEncrypt Certificate Authority? Let’s do just that!
First, let’s delete existing CNAME file with domain in it:
git rm CNAME
git commit -m "Deleting custom domain"
git push
Second, let’s configure Certification Authority Authorization record (CAA record) - you can do it in settings for your domain at your domain registrar’s website. For my custom domain the settings were as follows:
Type Host Value TTL
CAA Record www.rubaniuk.com 0 issue "letsencrypt.org" Automatic
Third step - let’s re-create CNAME file with the custom domain as the only line in it:
echo www.rubaniuk.com > CNAME
git add CNAME
git commit -m "Re-enable custom domain after configuring CAA record/letsencrypt"
git push
The TLS certificate was issued nearly instantly and I was able to check “Enforce HTTPS”.
LetsEncrypt updates TLS certificates every 90 days. The cert was had an expiration date of “Saturday, April 30, 2022 at 9:03:18 PM Pacific Daylight Time” at the moment of writing this post.
The certificate should auto-renew in 90 days and I will post an update if I see any issues.