Bankbonimus - Current State

Last Updated: 2026-01-11 15:41 EST

Critical Issue: SSL Certificate Stuck

Problem

The GitHub Pages SSL certificate for bankbonimus.com / www.bankbonimus.com expired on January 10, 2026 and auto-renewal is stuck in “new” state for >24 hours.

Current Status

HTTP: Working (http://bankbonimus.com redirects to http://www.bankbonimus.com which returns 200)
HTTPS: Broken - serves expired certificate, browsers reject with security warning
Certificate State: Stuck at "new" per GitHub API
GitHub Support Ticket: Submitted on 2026-01-11, awaiting response

How to Check Status

# Check certificate state via GitHub API
cd "/Users/theo/MIT Dropbox/Theodore Caputi/bankbonimus/bankbonimus"
gh api repos/tlcaputi/bankbonimus/pages --jq '.https_certificate'

# Check actual certificate from server
echo | openssl s_client -servername www.bankbonimus.com -connect www.bankbonimus.com:443 2>/dev/null | openssl x509 -noout -dates

# Test HTTPS (should fail with cert error until fixed)
curl -sI https://www.bankbonimus.com/ 2>&1 | head -5

What Was Tried (All Failed to Fix)

Removed and re-added custom domain via API multiple times
Switched between apex domain (bankbonimus.com) and www subdomain (www.bankbonimus.com)
Deleted and recreated CNAME file in repository
Added CNAME to Jekyll include: in _config.yml (line 76) to ensure it’s in deployed _site/
Triggered multiple fresh deployments
Waited >24 hours
Verified DNS is correct (A records, CNAME, no CAA blocking)

DNS Configuration (Verified Correct)

# A records for apex domain
bankbonimus.com → 185.199.108.153, 185.199.109.153, 185.199.110.153, 185.199.111.153

# CNAME for www subdomain
www.bankbonimus.com → tlcaputi.github.io

Next Steps

Wait for GitHub Support response - ticket submitted with full diagnostics
Alternative: If GitHub doesn’t respond within 48 hours, consider Cloudflare:
- Create free Cloudflare account
- Add domain to Cloudflare
- Change nameservers at IONOS to Cloudflare’s
- Cloudflare provides instant SSL via their edge certificates

Completed Work This Session

1. Laundry Page Updates (`_pages/laundry.md`)

Added clear step-by-step sock folding instructions in a table format
Added “KEY STEP” highlight for the critical cuff-folding step
Added “Why this matters” callout box
Added external images for correct/incorrect sock folding examples
Added colored outlines: green box around “Correct”, red box around “Incorrect”
Made page mobile-responsive with CSS media queries
Used inline styles to override Jekyll theme (class-based CSS wasn’t rendering)

2. Domain DNS Configuration

All bankbonimus domains now point to GitHub Pages IPs:

bankbonimus.com - A records to GitHub Pages IPs
bankbonimus.info - A records to GitHub Pages IPs
bankbonimus.online - A records to GitHub Pages IPs
bankbonimus.store - A records to GitHub Pages IPs

DNS managed via IONOS API. Credentials stored in .ionos-credentials (gitignored).

3. Jekyll Configuration Fix

Added CNAME to the include: list in _config.yml so Jekyll copies it to _site/ during build. Previously CNAME was not being included in the deployed artifact.

Key Files

File	Purpose
`_pages/laundry.md`	Laundry instructions page with sock folding guide
`_config.yml`	Jekyll config - CNAME added to include list (line 76)
`CNAME`	Contains `www.bankbonimus.com`
`.ionos-credentials`	IONOS API credentials (gitignored)
`.github/workflows/jekyll.yml`	GitHub Actions workflow for Pages deployment
`.CHANGELOG/`	Session change logs

IONOS API Access

Credentials are in .ionos-credentials:

IONOS_API_PREFIX=b48c1e3e536642338628b09bb6c3fd10
IONOS_API_SECRET=<redacted - see file>

Example API call:

source .ionos-credentials
curl -X GET "https://api.hosting.ionos.com/dns/v1/zones" \
  -H "X-API-Key: ${IONOS_API_PREFIX}.${IONOS_API_SECRET}"

For New Agent: Start Here

Check if SSL is fixed: Run the status check commands above
If still broken: Check email for GitHub Support response, or escalate/try Cloudflare
If fixed: Enable HTTPS enforcement via gh api repos/tlcaputi/bankbonimus/pages -X PUT -F https_enforced=true