# šŸ“Ž Codeberg Pages with SSL and Custom Domain By Artyom Bologov (A digitally hand-drawn thumbnail on white background. In the center, a Codeberg logo (triangular iceberg) is drawn in black and dark blue. Around it, handwritten ā€˜+aartaka.meā€™, ā€˜+SSLā€™, ā€˜+Artyomā€™, ā€˜+emailā€™, and ā€˜+SSGā€™ are floating. The handwriting is all wiggly, likely due to authorā€™s inexperience or negligence.) Yesterday night, Gitlab sent me an email saying Iā€™m running out of ā€œcompute minutes.ā€ Whatever that means. Most likely, I was running out of CI/CD resources when building this website on Gitlab Pages. Itā€™s been a thing going for some time: ā€“ Iā€™m trying some new absurd tech stack. ā€“ And Gitlab keeps sending me warnings regarding depleted resources. I guess I went overboard with using ed(1) as my new site generator . Nonetheless, thatā€™s not nice of Gitlab Pages offering ā€œinfinite and freeā€ website builds. And then saying I have no resources anymore. So I decided to do the most Saturday evening thing programmers do: migrate my website to an absolutely different hosting setup. To Codeberg Pages . Codeberg doesnā€™t offer some of the features Gitlab provides. In particular, no CI/CD/website builds, and no automatic SSL certificates. Thus this post: to document what I went through to reproduce my current setup on Codeberg: Domain: aartaka.me and subdomains, managed by Namecheap. SSL Certificates: With DNS verification, issued by Letā€™s Encrypt (because Iā€™m poor and anti-capitalist.) Email: Custom Domain Email by Disroot. Build process: Makefiles and ed(1). So hereā€™s how I went about it. ## Getting Started with Codeberg Pages (#pages) The documentation by Codeberg is good enough : Create a `pages` repository, add HTML files to the root, and `git push` them there. I diverged from these instructions once: I named the default branch ā€œpagesā€, instead of ā€œmainā€. This way, my website is deployed from ā€œpagesā€, while ā€œmainā€ is reserved for my experiments and drafts. I also had to move all my files to repository root. On Gitlab, I had them in `public/` subdirectory for deployment. But thatā€™s too minor to care. ## DNS & Email (#dns-email) Again, documentation by Codeberg works : Create a `.domains` file with your domains: =================================== dns =================================== aartaka.me aartaka.codeberg.page pages.aartaka.codeberg.page pages.pages.aartaka.codeberg.page ==================== My .domains contents ==================== and add DNS records: CNAME: The simplest case for when you only care about the website. Doesnā€™t work with e.g. my custom domain email setup. ALIAS: A simple enough case that works with my email. Thatā€™s the one I picked. A/AAAA: Didnā€™t try it, sorry. So hereā€™s my final setup: =================================== dns =================================== ALIAS @ codeberg.page. TXT @ pages.aartaka.codeberg.page ==================== DNS records for Codeberg Pages (as displayed by Namecheap, @ is aartaka.me) ==================== The email is managed by MX and SPF records, and ALIAS/TXT donā€™t interfere with these. Should be fine, given that Iā€™m still receiving spam. ## Setting Up SSL with Letā€™s Encrypt (#ssl) This is likely covered elsewhere, but I want to reproduce this anyway. Especially given that Codeberg docs donā€™t cover this except for one note in Custom Domain page. So I need to explain future myself how in the world all of this works. So... Letā€™s Encrypt. They are doing miracles, but they require domain ownership check first. And this check is done by putting a file into a `.well-known` subdirectory on the server. The problem is: Codeberg blocks requests to `.well-known`. So one has to use alternative verification strategies. Like DNS verification. Hereā€™s the DigitalOcean guide I followed <"https://www.digitalocean.com/community/tutorials/how-to-acquire-a-let-s-encrypt-certificate-using-dns-validation-with-acme-dns-certbot-on-ubuntu-18-04">. But the procedure is relatively simple: ā€“ Install certbot, ā€“ Download the certbot extension (acme-dns-auth.py) theyā€™re linking to, ā€“ Make it executable with `chmod +x acme-dns-auth.py`, ā€“ Add it to the path where certbot and find it: /etc/letsencrypt/acme-dns-auth.py ā€“ And run a magic incantation: =================================== sh =================================== sudo certbot certonly --manual --manual-auth-hook /etc/letsencrypt/acme-dns-auth.py --preferred-challenges dns --debug-challenges -d *.aartaka.me -d aartaka.me ==================== Certbot call with a DNS auth extension ==================== It provides all the instructions, and the guide above augments it. Here are the records I had to add: =================================== dns =================================== // Notice the single letsencrypt.org here: // Namecheap didnā€™t allow me to include any value beyond that. CAA 0 issue "letsencrypt.org" CNAME _acme-challenge xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.auth.acme-dns.io. ==================== CAA record to allow certificates from Letā€™s Encrypt and the actual challenge value (redacted) ==================== After DNS records update (I waited for two minutes, but better wait five, just in case,) you can press to continue setup. Certbot will register the domain and generate your certificates. When the certificates expire, Iā€™ll have to run this scary one-liner again. But thatā€™s going to happen in 90 days, so who cares? ## Website Generation (#generation) Now the hardest part: Codeberg doesnā€™t offer any CI/CD beyond static resource publishing. I mightā€™ve tried to hack them or use some Turing-complete CI quirk. But I donā€™t want trouble. So Iā€™m generating my pages locally and then pushing them to Codeberg. Thatā€™s where the ā€œpagesā€ branch comes into play. Iā€™m keeping my ā€œmainā€ clean, and then switch to ā€œpagesā€ and generate all the posts in all the formats: =================================== sh =================================== git checkout pages git merge master make all -j 4 git commit --all -m "..." git push ==================== Every post publication procedure (I usually do that in Magit, though) ==================== I canā€™t imagine the trouble Iā€™d need to go through if I was using some fancy blog engine. Endless npm vulnerabilities and gigabytes of `node_modules`, likely. But, luckily, Iā€™m using ed(1) as my SSG and I donā€™t have to mess with any of that. And itā€™s taking a really short time to generate all 5 (!) formats for all the ~50 pages I have. So yes, you might be dissatisfied with Codeberg Pages if you want fancy blog engine builds somewhere in the cloud. But I donā€™t do that, so Iā€™m perfectly fine with Codeberg. Still, do give it a try! Copyright 2022-2025 Artyom Bologov (aartaka). Any and all opinions listed here are my own and not representative of my employers; future, past and present.