I think it should help.
Thanks to Let's Encrypt, HTTPS has become a popular thing.
Since 2018, Readthedocs.org has partnered up with Cloudflare (blog: http://blog.readthedocs.com/https-for-custom-domains/). The only thing we need to do is to update the CNAME to point to readthedocs.io.
The reason why it works is, why we are trying to access readthedocs.io's server with docs.mailman3.org, we are actually accessing cloudflare server (dig readthedocs.io will find it). Cloudflare will then attempt to issue a DV SSL cert for the domain we are using (docs.mailman3.org for example). According to the CAB Forum, it is acceptable if cloudflare is able to verify the control via HTTP request, in this case of course.
Cloudflare itself now has a intermediate CA so they can issue a better-looking certificate, with the domain on the DV cert, instead of putting in a SAN.
Take another site as an example. https://docs.godotengine.org is hosted on readthedocs.org, and if we dig the domain (result here https://pastebin.aosc.io/paste/B61zNDovLWXIxXrxqsXmRw), you will see it simply CNAME to readthedocs.io.
In my opinion, there are two things we shall do,
- Update the CNAME
- See the status of the certificate on the domain page in project admin dashboard (Domains > Edit Domain)
There are some other ways. Such as use a reverse proxy to host docs, or simply redirect to <https://gnu-mailman.readthedocs.org>. It is up to you guys.
Hope I am not making mistakes :)
Side note: Adopting s similar approach, GitHub Pages supports custom domain HTTPS though they are using Fastly.
Best, Xiaoxing Ye