> GitHub Pages doesn't support external SSL certificates directly. We only officially support certificates that are generated and manged by GitHub itself.

> While it is possible to set up your own certificate service using 3rd parties like Cloudflare, these won't link in with the "Enforce HTTPS" option in the repository settings, and this will remain disabled even when you've manually set up HTTPS.

> Cloudflare enables their HTTP/DNS proxy feature by default, meaning GitHub isn't able to see the DNS records required to generate an HTTPS certificate. You'll need to disable this for any DNS records that point towards GitHub.

> ... for GitHub to handle the renewal of HTTPS certificates automatically you need your DNS records to point to GitHub IPs.

> If you do use GitHub's service and enforce HTTPS, it means you would also be using our CDN as well! If you are determined to use an external service, then yes, you would need to manage the renewal yourself.

前提是要用 GitHub 的 HTTPS 啦。
https://help.github.com/articles/securing-your-github-pages-site-with-https