https #213

Open
icecream17 opened this issue Jun 12, 2021 · 14 comments
Comments

@icecream17

Usually GitHub Pages have https links, but this site seems to be using http instead.

@ctrlcctrlv
Member

@frank-trampe Does your 501c3 own designwithfontforge.com? If so, can it use Let's Encrypt, or else buy a cert?

@jtanx
Contributor

jtanx commented Nov 4, 2021

I think @n8willis posted on the mailing list that it's still under his name and was looking to pass it on, but no one replied.

Do we actually have an org to manage these now?

Also GH pages will do ssl for free iirc as long as dns is set up properly

@ctrlcctrlv
Member

Thank you for your note @jtanx. I do indeed see the post of @n8willis to fontforge-devel on 11 September of the past year:

image

I am not sure when @frank-trampe's 501c3 began to exist, but it certainly does now, and could assume the domain. I suggest Frank and Nate discuss the issue offline, then once Frank has the domain under his corporation for the FontForge Project, he can either enforce HTTPS through the GH Pages method or another method.

@n8willis
Member

n8willis commented Nov 4, 2021

> I think @n8willis posted on the mailing list that it's still under his name and was looking to pass it on, but no one replied.

Indeed; and to reiterate that, I don't have any problem renewing the registration, but I do think that, in general, it's better for such assets to be held by communities with some clear & shared understanding of how it's meant to work.

@n8willis
Member

n8willis commented Nov 4, 2021

> I am not sure when @frank-trampe's 501c3 began to exist, but it certainly does now, and could assume the domain. I suggest Frank and Nate discuss the issue offline,

I'd greatly prefer that all such conversations take place on public forums.

Not because I have anything less than infinite confidence in whatever nesting doll of shell corporations and cross-linked offshore tax havens Frank has presumably delicately assembled, of course. But because any community-wide-in-scope conversation ought to be transparent, for contemporary and future understanding of what-goes-where-and-why-that-all-happened-that-way. And there's seriously nothing secretive about any aspect of this.

@ctrlcctrlv
Member

It has been a long while since I transferred domains, but back when I did it they involved shared secrets between domain sender and recipient, unless the domain was being transferred inside a registrar. When I suggested off-tracker discussion, it was only for the swapping of such shared secrets; I don't mean to imply there's any secrecy needed beyond what the domain name system itself asks for.

@frank-trampe
Contributor

I am happy to transfer the domain, but I am also happy just to reimburse @n8willis for hosting fees. We tried to transfer fontforge.org last year and followed all of the guidelines from both registrars, but the transfer failed and somehow also resulted in an error renewing the domain (still under Toby's name) this year, which is thankfully now resolved. There are more moving pieces here than there, and the underlying difficulty aside, if we were to manage the process on the public issue tracker, I feel like we'd end up with a thread of sequential disasters that ends up all over Reddit under the title "Font People Do Domain Names". Which isn't to say that I'm not onboard to try, just that I'm not sure that it would be a net win.

@frank-trampe
Contributor

@jtanx, you did the https setup for fontforge.org, right? How did we get that certificate? Did we just change a DNS record to validate control/ownership?

@ctrlcctrlv
Member

Don't feel bad, Frank; oftentimes I feel like the domain name system is held together with duct tape and glue. If you think the state of libre fonts is bad, don't even dare to look at how a lot of domain stuff actually works 😂

I have done a few domain transfers in my life and I have to say that every single time it was different based on the pair of sending registrar and receiving registrar. They all have their own policies and ways of doing things, sometimes involving shared secrets, sometimes involving you sending an email or setting a TXT record; it really is a quite incoherent system.

@jtanx
Contributor

jtanx commented Nov 4, 2021

Regarding https setup, I didn't do anything special.

I believe in this case, the DNS records just need updating before it can be enabled. As per https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site#configuring-an-apex-domain:

To create A records, point your apex domain to the IP addresses for GitHub Pages.

185.199.108.153
185.199.109.153
185.199.110.153
185.199.111.153

To create AAAA records, point your apex domain to the IP addresses for GitHub Pages.

2606:50c0:8000::153
2606:50c0:8001::153
2606:50c0:8002::153
2606:50c0:8003::153
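
Added example (not part of the thread or of GitHub's documentation): a check that an apex domain publishes exactly the addresses quoted above, reporting both missing records and stray ones left over from a previous host. Stray records matter because an HTTP-based domain validation request may land on a host that does not hold the challenge file. The domain `example.org`, the `192.0.2.10` address and the sample answer text are constructed placeholders.

```python
import ipaddress

# GitHub Pages apex addresses, as quoted from the GitHub docs in the comment above.
PAGES_ADDRS = {ipaddress.ip_address(a) for a in (
    "185.199.108.153", "185.199.109.153", "185.199.110.153", "185.199.111.153",
    "2606:50c0:8000::153", "2606:50c0:8001::153",
    "2606:50c0:8002::153", "2606:50c0:8003::153",
)}

# Constructed sample in `dig +noall +answer` layout; example.org and the
# 192.0.2.10 address (documentation range) are placeholders.
SAMPLE_ANSWER = """\
example.org. 3600 IN A 185.199.108.153
example.org. 3600 IN A 185.199.109.153
example.org. 3600 IN A 192.0.2.10
example.org. 3600 IN AAAA 2606:50c0:8000:0:0:0:0:153
"""

def parse_answers(text, apex):
    """Return the set of A/AAAA addresses published for `apex`."""
    found = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # not a "name ttl class type rdata" line
        name, _ttl, rclass, rtype, rdata = fields
        if name.rstrip(".").lower() != apex.lower() or rclass != "IN":
            continue
        if rtype in ("A", "AAAA"):
            # ip_address() normalises IPv6 spelling, so expanded and
            # compressed forms of the same address compare equal.
            found.add(ipaddress.ip_address(rdata))
    return found

def audit_apex(text, apex):
    """Compare published records with the GitHub Pages set."""
    found = parse_answers(text, apex)
    return {
        "missing": sorted(str(a) for a in PAGES_ADDRS - found),
        "stray": sorted(str(a) for a in found - PAGES_ADDRS),
    }

if __name__ == "__main__":
    print(audit_apex(SAMPLE_ANSWER, "example.org"))
```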

@frank-trampe
Contributor

How does GitHub get a certificate for a domain it doesn't own?

@frank-trampe
Contributor

@ctrlcctrlv, I'm glad I'm not the only one who feels unusually adrift in the world of domain names.

@jtanx
Contributor

jtanx commented Nov 4, 2021

> How does GitHub get a certificate for a domain it doesn't own?

Not too familiar with the details, but I believe it's something to do with some automated verification via Let's Encrypt, probably this: https://letsencrypt.org/docs/challenge-types/#http-01-challenge

@frank-trampe
Contributor

Oh. That makes sense. I was thinking that we'd need to put in a name service record, but I suppose that site works just as well to validate control if done right.
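
Added example (not part of the thread, and not GitHub's or Let's Encrypt's code): the HTTP-01 check from the challenge type linked above, following RFC 8555 and RFC 7638, showing that the CA verifies control of the web server the domain resolves to rather than ownership of the registration. The token, the account key values and `example.org` are constructed placeholders, not real key material.

```python
import base64
import hashlib
import hmac
import json

def b64url(data: bytes) -> str:
    """Unpadded base64url, as used throughout ACME."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def key_authorization(token: str, account_jwk: dict) -> str:
    """What whoever operates the web server must publish for this token."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"

def challenge_url(domain: str, token: str) -> str:
    """Where the CA fetches it: plain HTTP on the name being validated."""
    return f"http://{domain}/.well-known/acme-challenge/{token}"

def ca_validates(served_body: str, token: str, account_jwk: dict) -> bool:
    """CA side: the body must equal the key authorization for the requesting
    account (trailing whitespace ignored)."""
    expected = key_authorization(token, account_jwk)
    return hmac.compare_digest(served_body.rstrip().encode(), expected.encode())

# Constructed values: the token and both "keys" are placeholders.
TOKEN = "constructed-token-0001"
HOST_ACCOUNT = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
OTHER_ACCOUNT = {"kty": "EC", "crv": "P-256", "x": "other-x", "y": "other-y"}

if __name__ == "__main__":
    body = key_authorization(TOKEN, HOST_ACCOUNT)
    print(challenge_url("example.org", TOKEN))
    print(ca_validates(body + "\n", TOKEN, HOST_ACCOUNT))   # hosting account
    print(ca_validates(body, TOKEN, OTHER_ACCOUNT))         # different account
```

Because the response is bound to the requesting ACME account key, only the party that both serves the domain's HTTP traffic and holds that account key passes validation, which is why pointing DNS at a hosting provider is enough for it to obtain the certificate.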
