Pages HTTPS certificate stuck in "new" for ~3 weeks (apex caviar.group), DNS verified correct #200447
Replies: 3 comments
-
|
💬 Your Product Feedback Has Been Submitted 🎉 Thank you for taking the time to share your insights with us! Your feedback is invaluable as we build a better GitHub experience for all our users. Here's what you can expect moving forward ⏩
Where to look to see what's shipping 👀
What you can do in the meantime 💻
As a member of the GitHub community, your participation is essential. While we can't promise that every suggestion will be implemented, we want to emphasize that your feedback is instrumental in guiding our decisions and priorities. Thank you once again for your contribution to making GitHub even better! We're grateful for your ongoing support and collaboration in shaping the future of our platform. ⭐ |
Beta Was this translation helpful? Give feedback.
-
|
This is a known backend failure. Since you've already verified your DNS and performed a reset, you cannot fix this yourself. Open a ticket at the GitHub Support Portal. Paste this exact summary: Crucial: Do not remove or re-add the domain while waiting for their reply; it often resets the internal timer and delays the process further. |
Beta Was this translation helpful? Give feedback.
-
|
Hello GitHub Support team,
The HTTPS certificate for my GitHub Pages custom domain has never been
issued.
It has now been stuck for approximately three weeks, and I would be
grateful if
someone could manually intervene, as the problem is clearly on the GitHub
side.
Account / repository
- GitHub account: aslankaa1-droid
- Repository: aslankaa1-droid/caviar
- Custom domain (apex): caviar.group
- Pages build status: built
Key finding
The GitHub Pages API reports the certificate as:
"https_certificate": {
"state": "new",
"description": "This domain was recently added. The certificate request
process will begin shortly.",
"domains": ["caviar.group"]
}
"https_enforced": false
It has remained in this exact "new" state since approximately 10 June 2026.
Because the state is still "new" — and never advanced to
"authorization_created",
"authorized", or even "errored" — the Let's Encrypt request appears to have
never
been initiated on your side. This is not a domain-validation failure; it is
a
provisioning job that has stalled before it ever started.
I have thoroughly verified that my side is correctly configured
- Apex caviar.group has exactly the four current GitHub Pages A records
(185.199.108.153, 185.199.109.153, 185.199.110.153, 185.199.111.153) and
no
other A records.
- There are no AAAA records on the apex.
- There are no CAA records at all, so Let's Encrypt is permitted by default
(verified via both Google and Cloudflare DNS-over-HTTPS).
- The domain is not DNSSEC-signed, so DNSSEC cannot be interfering.
- The HTTP-01 challenge path is reachable directly from GitHub:
http://caviar.group/.well-known/acme-challenge/<token> returns HTTP 404
from
GitHub.com with no redirect, and the apex root returns HTTP 200 with no
redirect.
- www.caviar.group is a CNAME to aslankaa1-droid.github.io.
Meanwhile, over HTTPS the server presents a certificate with CN=*.github.io
(Let's Encrypt, valid 4 Jun – 2 Sep 2026) that does not match caviar.group,
so
clients get a hostname mismatch (SEC_E_WRONG_PRINCIPAL). No certificate has
ever
been issued for the custom domain itself.
Already tried on my side (no effect)
- Removed and re-added the custom domain in Pages settings to re-trigger
issuance.
Request
Since the DNS and challenge configuration are all correct and the
certificate
request has never progressed beyond "new" in three weeks, could you please
manually re-trigger / force the Let's Encrypt certificate provisioning for
caviar.group? If you need anything further from me, I will provide it
immediately.
Thank you very much for your help.
Best regards,
aslankaa1-droid (caviar.group)
вт, 30 июн. 2026 г. в 10:22, R Hari Krishnan ***@***.***>:
… This is a known backend failure. Since you've already verified your DNS
and performed a reset, you cannot fix this yourself.
Open a ticket at the GitHub Support Portal <https://support.github.com/>.
Paste this exact summary:
Domain: caviar.group
Repo: aslankaa1-droid/caviar
Issue: https_certificate.state has been stuck as "new" since 2026-06-10.
Request: Please investigate the provisioning backend and manually re-trigger the Let's Encrypt issuance.
Crucial: Do not remove or re-add the domain while waiting for their reply;
it often resets the internal timer and delays the process further.
—
Reply to this email directly, view it on GitHub
<#200447?email_source=notifications&email_token=CDC25HV2RHYHW2RNEDEIS4L5CNTCFA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUHAYDOMJXUZZGKYLTN5XKMYLVORUG64VFMV3GK3TUVRTG633UMVZF6Y3MNFRWW#discussioncomment-17480717>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/CDC25HUZIZMUIJJ7GEKKZ2D5CNTCFAVCNFSNUABIKJSXA33TNF2G64TZHMZTAMJVG4ZTGNBUHNCGS43DOVZXG2LPNY5TCMBTGM3TQMZQUF3AE>
.
Triage notifications, keep track of coding agent tasks and review pull
requests on the go with GitHub Mobile for iOS
<https://github.com/notifications/mobile/ios/CDC25HS53GQ6MD3EQWBFHS35CNTCFA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUHAYDOMJXUZZGKYLTN5XKMYLVORUG64VFMV3GK3TUVJTG633UMVZF62LPOM>
and Android
<https://github.com/notifications/mobile/android/CDC25HU6CSH7RVDMF2Z2ATT5CNTCFA5CNFSNUABIM5UWIORPF5TWS5BNNB2WEL2ENFZWG5LTONUW63SDN5WW2ZLOOQXTCNZUHAYDOMJXUZZGKYLTN5XKMYLVORUG64VFMV3GK3TUVZTG633UMVZF6YLOMRZG62LE>.
Download it today!
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
🏷️ Discussion Type
Bug
Body
My GitHub Pages custom-domain certificate has been stuck and never gets issued.
The site is reachable over HTTP (200), but HTTPS serves a certificate that does not match the hostname:
curl → schannel: SNI or certificate check failed: SEC_E_WRONG_PRINCIPAL.
I verified every documented requirement:
Everything on the DNS/repo side matches requirements, yet the certificate never leaves "new". This looks like a backend provisioning issue. Could a staff member please re-trigger / investigate the Let's Encrypt provisioning for caviar.group? Thank you.
(Support ticket #4519773 was closed as out-of-scope for the free plan and redirected here.)
Beta Was this translation helpful? Give feedback.
All reactions