GitHub Pages “Enforce HTTPS” looks enabled.
The cert was never provisioned, and GitHub doesn't alert you.
Jekyll agencies deploying to GitHub Pages, Netlify, and Vercel face SSL failures that don't surface in the deployment dashboard. GitHub Pages requires 4 A records for apex domains — any missing record after a client registrar change causes silent SSL failure. Netlify and Vercel auto-renew SSL only if the CNAME delegation stays intact. Merlonix monitors DNS integrity and SSL expiry across every Jekyll client deployment.
No credit card for the trial. Cancel any time.
- Check cadence (Agency)
- 5 min
- SSL pre-expiry alert
- 30 days
- Independent DNS resolvers
- 3
- Vendors watched
- 11
Where Jekyll agencies get caught out
Three failure modes specific to Jekyll client deployments on GitHub Pages, Netlify, and Vercel.
Jekyll agencies deploying to GitHub Pages deal with silent SSL provisioning failures after DNS changes, the 4 A-record requirement for apex domains that fails partially without alerting anyone, and Netlify or Vercel SSL renewal failures when CNAME records drift during client registrar migrations.
GitHub Pages HTTPS never provisioned
GitHub Pages "Enforce HTTPS" stays checked even when the Let's Encrypt cert was never provisioned
A client migrating from an old registrar to Cloudflare Registrar expects the transfer to be transparent. The agency configures the custom domain in the Jekyll repository settings and enables "Enforce HTTPS." GitHub Pages checks DNS at that moment and does not find the expected records resolving correctly — provisioning fails. The repository settings show the custom domain and the HTTPS enforcement checkbox as active. Visitors to the site receive a browser warning that the connection is not secure. The agency does not receive any notification from GitHub that provisioning failed. The failure is discovered when the client reports the security warning, often days after the DNS migration.
GitHub Pages missing apex A record
GitHub Pages validates all four apex A records at renewal, so a DNS rebuild that drops one fails SSL silently
When a client asks their IT team to "move the DNS" to a new registrar or DNS manager, the team commonly transfers the www CNAME correctly but manually rebuilds the apex A records from memory — and gets 1 or 2 of the 4 required GitHub Pages A records. GitHub Pages validates all four IP addresses when running Let's Encrypt certificate renewal. If one of the four is missing from the DNS zone, the renewal attempt fails. The existing certificate continues serving until it expires — 90 days from the last successful renewal. The gap between the DNS change and the certificate expiry means the agency may not notice the misconfiguration until the certificate expires and GitHub Pages stops serving HTTPS.
Netlify/Vercel CNAME drift
Netlify and Vercel auto-renew SSL only while the CNAME resolves to their edge, so client DNS drift fails renewal
A Jekyll site deployed to Netlify for form submissions and build preview URLs has a CNAME record pointing www.clientsite.com to the Netlify subdomain. A year after the initial deployment, the client moves their domain to a new registrar during a brand refresh. The DNS zone is rebuilt, but the CNAME record for www is pointed at the old hosting provider rather than Netlify, or the CNAME is omitted entirely. Netlify's automatic renewal runs 30 days before the certificate expires, checks that www.clientsite.com still resolves to Netlify infrastructure, and fails the renewal when the CNAME no longer points correctly. Netlify does not notify the team on failed renewal. The certificate expires 30 days later.
How it works
SSL and DNS monitoring for Jekyll agencies across GitHub Pages, Netlify, and Vercel deployments.
Merlonix monitors A record integrity for GitHub Pages 4-record apex requirements, CNAME delegations for Netlify and Vercel deployments, and SSL expiry across every Jekyll client domain — and catches SSL provisioning failures before GitHub, Netlify, or Vercel returns a certificate error to site visitors.
01
Add Jekyll site custom domains and deployment endpoints across GitHub Pages, Netlify, and Vercel
Verify ownership with a DNS TXT record on the apex domain. All subdomains under that apex — www, blog subdomains, and API endpoints for Jekyll sites with headless backends — are added without additional verification. Monitoring both the apex and www separately is critical for Jekyll sites on GitHub Pages, where apex A record requirements and www CNAME requirements are validated independently. Under two minutes per client.
02
A record and CNAME integrity monitoring for GitHub Pages 4-record apex requirements and Netlify/Vercel CNAME delegations
Three independent DNS resolvers check every A record and CNAME delegation on every monitoring interval. When a client changes DNS registrar and one of the four required GitHub Pages A records is missing from the new DNS zone, the missing record is detected immediately — before the Let's Encrypt renewal fails. When a client's CNAME for www drifts away from the Netlify or Vercel edge target, the mismatch surfaces at the next monitoring interval rather than when the next renewal attempt fails.
03
SSL monitoring 30 days before expiry on all Jekyll custom domains including GitHub Pages and CDN-deployed sites
Full SSL chain validation on every Jekyll client domain — GitHub Pages, Netlify, and Vercel deployments included. An expiry alert fires 30 days before the certificate expires — enough lead time to correct a missing A record on the GitHub Pages configuration, fix a CNAME that has drifted away from Netlify, or re-enable HTTPS enforcement in the GitHub repository settings. Monitoring against the Let's Encrypt 90-day expiry is the safety net that catches DNS drift before it becomes a customer-visible SSL error.
04
Vendor status for GitHub Pages, Netlify, and Vercel to distinguish platform incidents from client DNS failures
Merlonix monitors GitHub Pages, Netlify, and Vercel status alongside client SSL and DNS. When a GitHub Pages infrastructure incident causes SSL provisioning failures across multiple client repository deployments simultaneously, you see the vendor event — not a series of individual client alerts that each require separate investigation to determine whether the root cause is a GitHub platform issue or a client-specific DNS misconfiguration.
What the numbers mean for Jekyll agencies
Monitoring built for Jekyll agencies where GitHub Pages SSL provisioning fails silently and the deployment dashboard shows everything as healthy.
Jekyll agencies on GitHub Pages need DNS monitoring that covers every A record in the apex domain configuration — because GitHub Pages validates all four records during SSL renewal, and one missing record after a client registrar migration breaks HTTPS without any alert from GitHub or the repository settings UI.
< 10 min
Time from DNS change to alert — catches missing GitHub Pages A records and Netlify/Vercel CNAME drift caused by client registrar migrations before the Let's Encrypt certificate expires and site visitors see an insecure connection warning
30 days
SSL expiry warning lead time — enough time to identify and correct a missing GitHub Pages A record, fix a drifted Netlify CNAME, or re-provision Vercel SSL before the browser begins blocking the client's Jekyll site
11 vendors
Upstream services monitored — GitHub Pages, Netlify, and Vercel included to distinguish platform incidents from individual client DNS changes affecting Jekyll site SSL renewal
200 assets
Maximum monitored domains on the Agency plan — covers primary custom domains, www and apex separately, blog subdomains, and API endpoints across a full Jekyll client portfolio
Pricing
Flat monthly fee. Every Jekyll client domain and deployment endpoint included.
No per-domain charges. No per-deployment fees. Pick the tier that fits your Jekyll client count and monitor every custom domain across GitHub Pages, Netlify, and Vercel without billing surprises.
Starter
For individual Jekyll developers managing a small client portfolio on GitHub Pages or Netlify.
$19/ month
- 15 monitored assets
- 3 seats
- 5 min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Team
For Jekyll agencies managing multiple client deployments across GitHub Pages, Netlify, and Vercel.
$79/ month
- 60 monitored assets
- 10 seats
- 1 min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Agency
For agencies with a full Jekyll client roster across multiple static deployment platforms.
$199/ month
- 250 monitored assets
- Unlimited seats
- 1 min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Compliance
For regulated-vertical teams that need continuous, audit-ready evidence.
$699/ month
- 500 monitored assets
- Unlimited seats
- 1 min check cadence
- SSL + DNS + vendor monitoring
- Email + Slack alerts
Know when a Jekyll client domain SSL is silently failing on GitHub Pages.
Add your first Jekyll client domain in under two minutes. GitHub Pages, Netlify, and Vercel deployments are monitored from the same dashboard. 14-day trial, no card required.