by y4mi 2991 days ago
I really don't see the problem. Once you set your CNAME record to GitHub, you've essentially yielded all control to them.

If you don't like that, don't set a CNAME record.

2 comments

From GitHub themselves:

"GitHub Pages sites have been issued SSL certificates from Let's Encrypt, enabling HTTPS for your custom domain. This isn't officially supported yet and it's not possible for you to enable and enforce it on your sites at this time."

Could you please provide a link to this page? I wasn't able to find anything like this in the docs (https://help.github.com/articles/securing-your-github-pages-... and related).

EDIT: found out the "official statement" here https://gist.github.com/coolaj86/e07d42f5961c68fc1fc8#gistco...

What if you trust them at the time, but then move your domain over to different hosting? Is it possible to revoke the previous certificate, or could your old host theoretically keep hold of the old cert and use it in a MitM attack against you?

Fortunately LE are moving towards shorter and shorter validity periods for certs, which at least limits your risk somewhat.

Certificate revocation only really works in theory. Fortunately Let's Encrypt certificates are rather short-lived.