It would be nice to have TLS for the source repository browsing site, this URL gives me an error message:
https://source.myrepos.branchable.com/
source.myrepos.branchable.com uses an invalid security certificate. The certificate is only valid for the following names: *.branchable.com, branchable.com
Error code: SSL_ERROR_BAD_CERT_DOMAIN
It would be good to use letsencrypt for that, the difficulty is that they only allow renewing a limited number of certs per month, and doubling the number of domains would be problimatic.
There are ways to bundle multiple domain into a letsencrypt cert, and getting source.foo.branchable.com at the same time it gets foo.branchable.com is doable, but would add complexity.
It might be simpler to get rid of the "source." domain and move that to somewhere under the main domain. Where exactly to avoid conflicting with any page names? Probably not "/source" ...
We're using letsencrypt wildcard support -- but it only allows for a single level of domain name above the wildcard, so does not work for source.$foo.branchable.com.
Renaming them to source-$foo.branchable.com, with a redirect from the old domain seems like the best way.
I would go with $foo.source.branchable.com instead.
Could we get HSTS and redirects from http to https?
Adding the site to HSTS preloads and or https-everywhere would be good too.
It would be nice to be able to git clone over https too: