Issues: every 3 months or so, the custom domain for Github page will be re-issued with a new SSL certificate (used for HTTPS). This may cause certificate errors with Cloudflare and make your website inaccessible.
I found out the main culprit is the Full(Strict) SSL/TSL mode from Cloudflare.
Solution in short: on Cloudflare dashboard, go to SSL/TSL tab and set SSL mode to Full.
Do not use Full(Strict), since the certificate on the GitHub page seems to be self-signed with let’s encryption.
That’s it!
Below is just my other related notes.
- In the Cloudflare domain DNS setting set
CNAMEof your domain to your-github-page-address.github.io.
If you want to use some of Cloudflare services, may let it be handled via Cloudflare proxy ☁️, or disable ut and just use DNS directly.
Important: If your server cannot issue the certificate properly when using Cloudflare proxy, need to disable Cloudflare proxy ☁️
CNAME @ your-github-page-address.github.io
CNAME www your-github-page-address.github.io
-
Next in the Cloudflare dashboard, go to your domain SSL/TSL tab: and change it from Full(Strict) to Full. (A flexible mode is also an option, but I did not use it since Full is better and working).
-
To redirect from HTTP to HTTPS, there are up to 3 options
- Cloudflare Rules
- Cloudflare Always Use HTTPS setup wizard when you just start to add your domain
- On the GitHub page custom domain setting
I set all of the options to always use HTTPS. But the first and second on Cloudflare take priority, so the last setting on the GitHub page has no chance to redirect since the redirect process had already occurred on the domain manager side before coming to the Github page.
Tip: In Cloudflare rules, use this pattern http://.example.com/** and choose the setting Always Use HTTPS