Issue #3996 resolved

Custom domain feature is unusable

Kjarni
created an issue

If you visit for example: https://bb.kjarni.cc/

Which is set up as a "Custom Domain", you will notice that you get a very massive certificate error.

=== Possible Solutions ===

• Not directing me to a secure site under the CNAME'd domain.
• Using a non-secure site to redirect me from the CNAME'd domain to the actual domain.
• Using a non-secure site to create an iframe to the target site.
• Making "Custom domains" be a subdomain of bitbucket.org using a certificate with *.bitbucket.org as an alias (see kjarni.cc's certificate as an example).

Good luck

Comments (12)

  1. Charles McLaughlin

    Hi Kjarni,

    We do not and cannot support https on 'custom domains'. I'll answer your proposed solutions inline:

    • Not directing me to a secure site under the CNAME'd domain.

    We do not have any redirects from http 'custom domains' to https 'custom domains'. For instance, http://bb.kjarni.cc/ does not redirect to a https url.

    • Using a non-secure site to redirect me from the CNAME'd domain to the actual domain.

    I'm not exactly sure what you mean here.

    • Using a non-secure site to create an iframe to the target site.

    This really isn't necessary since we don't support or redirect to https.

    • Making "Custom domains" be a subdomain of bitbucket.org using a certificate with *.bitbucket.org as an alias (see kjarni.cc's certificate as an example).

    We do support static hosting, but currently that's not set up for ssl with our wildcard certificate.

    I hope this addresses your concerns. The bottom line is we don't support ssl on 'custom domains'.

    Regards,

    Charles

  2. Anonymous

    Thing is that when I made the CNAME I just connect to it, there is no choice to choose http or a way for the connection to succeed. Which makes "Custom Domains" unusable. Because _every_ user that connects will, no matter what, get a certificate bad domain error.

  3. Luke Scott

    Looks like the custom domain feature now uses HTTP instead of HTTPS. Glad it works.

    I just wanted to point out that a dedicated IP address is no longer required for an SSL certificate using SNI. This works for most browsers, except those still on Windows XP. So there may be a small possibility to allow a user to upload their own SSL certificate for their domain, depending on the web server being used. It could be an "enterprise" feature.

  4. Chris Wright

    +1 for uploading our own SSL certificates

    Willing to pay for it and willing to suffer the SNI-only "limitation" (in the real world this is not actually limiting in any way).

  5. Nils Andreas Svee

    NB: This isn't in any way supported by Bitbucket, if you mess something up, you're on your own.

    I found a way around this using CloudFlare's new free SSL feature

    1. If you haven't already, register your domain on CloudFlare and create a CNAME pointing to bitbucket.org
    2. Turn off CloudFlare for the (sub-)domain you're gonna be using; if you don't, this won't work
    3. Follow the official instructions for setting up custom domains with Bitbucket
    4. Enable Full SSL for your domain on CloudFlare (not strict). You can also use a page rule if you only want a sub-domain to use SSL, see CloudFlare's instructions for that
    5. Enable CloudFlare for your (sub-)domain.

    Now you should be good to go =)
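
Why an HTTPS visitor to a CNAME'd custom domain gets a name-mismatch error, and how an uploaded certificate selected by SNI would change that, as an added example that is not part of the original thread or Bitbucket's code. The SAN lists and the store keys `host` and `customer` are assumptions constructed for illustration.

```python
# Added example. SAN lists are constructed for illustration, not taken
# from real certificates; the store keys are hypothetical names.

def san_matches(san, hostname):
    """True if one dNSName SAN covers hostname (RFC 6125-style rules)."""
    s = san.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(s) != len(h):
        return False                 # "*" never spans more than one label
    if s[0] == "*":
        # Wildcard must be the whole leftmost label, with at least two
        # labels to its right (rejects "*.org").
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h                    # exact match; partial wildcards fail

def cert_covers(sans, hostname):
    return any(san_matches(s, hostname) for s in sans)

def select_cert(store, sni_name, default):
    """Model of SNI selection: pick the certificate covering the name the
    client sent in ClientHello; a client with no SNI gets the default."""
    if sni_name:
        for cert_id, sans in store.items():
            if cert_covers(sans, sni_name):
                return cert_id
    return default

def browser_result(store, default, hostname, sends_sni=True):
    """What the visitor sees: 'ok' or 'name mismatch'."""
    cert_id = select_cert(store, hostname if sends_sni else None, default)
    return "ok" if cert_covers(store[cert_id], hostname) else "name mismatch"

HOST_ONLY = {"host": ["bitbucket.org", "*.bitbucket.org"]}   # constructed
WITH_UPLOAD = dict(HOST_ONLY, customer=["bb.kjarni.cc"])     # constructed

if __name__ == "__main__":
    for label, store, sni in [("host cert only", HOST_ONLY, True),
                              ("uploaded cert, SNI client", WITH_UPLOAD, True),
                              ("uploaded cert, no SNI", WITH_UPLOAD, False)]:
        print(label, "->", browser_result(store, "host", "bb.kjarni.cc", sni))
```

The CloudFlare workaround in comment 5 relies on this same mismatch being tolerated: Full (non-strict) mode encrypts the edge-to-origin connection but does not validate the origin certificate, so that hop is unauthenticated.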
