Do you have any idea how TLS actually works? If this worked out of the box for custom domains, then GitHub would need to be able to impersonate those domains.
At the very least you'd need a way to upload a private key/cert combo that they could server in response to an SNI request. Given the sheer number of sites that they host (every user effectively has a custom GitHub pages page) that's not really feasible though. Hence only support for *.github.io as that only requires a single wildcard cert.
> Do you have any idea how TLS actually works? If this worked out of the box for custom domains, then GitHub would need to be able to impersonate those domains.
If you redirect your domain to my webserver, I can get a certificate for it. E.g. from Let's Encrypt.
Wordpress.com uses that and offers SSL certificates to "million-plus"[0] blogs with custom domains. It's certainly doable at scale, although I totally understand it not having priority for GitHub (esp if it doesn't fit their current technical setup).
Do you have any idea how TLS actually works? If this worked out of the box for custom domains, then GitHub would need to be able to impersonate those domains.
At the very least you'd need a way to upload a private key/cert combo that they could server in response to an SNI request. Given the sheer number of sites that they host (every user effectively has a custom GitHub pages page) that's not really feasible though. Hence only support for *.github.io as that only requires a single wildcard cert.