by alfredxing 3862 days ago
I'd love to see SSL support on custom domains as well, but I know there are a couple of reasons why it hasn't happened already:

1. GitHub Pages likely isn't a core focus for GitHub, however useful it may be

2. GitHub Pages is currently completely interface-less, relying only on an automated build system running each site through Jekyll and deploying it. In order to support custom certificates, they would need to build an interface for certificate uploading/maintenance (and of course putting the certs & keys into the repo, like the current CNAME system, won't work).


GitHub Pages does have an interface, being the user's or the project's profile. You already need to activate GitHub Pages (it can even auto-generate stuff for you) and you need to tell GitHub your public SSH key in order to let you push things into your GitHub Pages enabled repository, right?

Also, I hate the CNAME file, as I always forget what to do: should it be a naked domain, should it have www in front, can I specify multiple domains, and so on. I always have to reach for their documentation.

It's not a core focus for GitHub, but it's a nice add-on and such things have been keeping many of us on GitHub.

> In order to support custom certificates, they would need to build an interface for certificate uploading/maintenance

With Let's Encrypt (mentioned in the issue) it could be 100% automated with free certs.

If there are hundreds of thousands of these certificates, you will need a custom ACME client anyway. It is not trivial even with the presence of SNI.

Eh, ACME isn't that complex. I wrote a fully automated client in less than 200 lines of python.

https://github.com/diafygi/acme-tiny

An HTTP client that gives a simple automated response is easy to write. An HTTP client that gives simple automated responses to 10,000 connections every second is not easy to write.

(Disclaimer: That said, I haven't seriously assessed the scalability of typical ACME clients. I would appreciate any hard number for them.)

The ACME client only has to run once every 90 days, to validate domain ownership and retrieve an updated certificate. After that, the certificate can be stored on and loaded from disk - the same way most of the files being served are probably stored.

It's true there might be some added complexity, as the private keys will need to be stored securely. And session resumption data, if you need to support that. Doesn't seem like an insurmountable problem, though.
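The renewal gate the comment above describes, as an added example that is not code from this thread or from acme-tiny: it decides which on-disk certificates get handed to the ACME client on a given run, so ACME traffic scales with the per-run cap rather than with the number of hosted domains. The 90-day lifetime, the 30-day renewal window and the sample fleet are assumptions constructed for the example.

```python
# Added example, not code from the thread or from acme-tiny: a renewal gate for
# a fleet of certificates stored on disk. Only what plan_run() returns is handed
# to the ACME client, so steady-state ACME load is bounded by max_per_run.
# Assumed: Let's Encrypt-style 90-day certs, renewed once <=30 days remain.
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib

RENEW_WINDOW = timedelta(days=30)  # assumption: renew when 30 of 90 days remain

@dataclass(frozen=True)
class StoredCert:
    domain: str
    not_after: datetime  # timezone-aware expiry the caller read from the PEM

def stable_jitter(domain: str, spread: timedelta = timedelta(days=14)) -> timedelta:
    """Deterministic per-domain offset in [0, spread): certificates issued on
    the same day come due on different days instead of all at once."""
    digest = hashlib.sha256(domain.encode("ascii")).digest()
    return spread * (int.from_bytes(digest[:4], "big") / 2 ** 32)

def is_due(cert: StoredCert, now: datetime, jitter=stable_jitter) -> bool:
    """True once remaining validity drops inside the (jittered) renewal window."""
    return cert.not_after - now <= RENEW_WINDOW - jitter(cert.domain)

def plan_run(certs, now, max_per_run, jitter=stable_jitter):
    """Return (renew_now, expired): most urgent first, capped per run.
    Expired certificates are reported separately so they can be alerted on
    and prioritised instead of being silently queued behind healthy ones."""
    expired = [c for c in certs if c.not_after <= now]
    due = sorted((c for c in certs if c.not_after > now and is_due(c, now, jitter)),
                 key=lambda c: c.not_after)
    return due[:max_per_run], expired

def sample_run(max_per_run: int = 5):
    """Constructed fleet with a fixed clock and no jitter, so the outcome is
    deterministic; returns the domains to renew now and the expired ones."""
    now = datetime(2016, 1, 1, tzinfo=timezone.utc)
    fleet = [
        StoredCert("fresh.example", now + timedelta(days=80)),   # well inside lifetime
        StoredCert("soon.example", now + timedelta(days=29)),    # inside the window
        StoredCert("sooner.example", now + timedelta(days=2)),   # nearly expired
        StoredCert("expired.example", now - timedelta(days=1)),  # already lapsed
    ]
    due, expired = plan_run(fleet, now, max_per_run, jitter=lambda d: timedelta(0))
    return [c.domain for c in due], [c.domain for c in expired]

if __name__ == "__main__":
    print(sample_run())
```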