Not sure if it would help in your situation, but I've moved all of my GitHub Pages to netlify.com and they have a one-button HTTPS feature for custom domains.
I did the same. Between Netlify and Zeit.co's Now, I don't see any reason to complain about HTTPS, not to mention the DevOps issues that both these services solve.
SSL requires one click with Netlify, and it's on by default with Now.
Why do they need to support wildcard certificates for this? They have already started rolling out HTTPS for custom domain GitHub Pages using Let's Encrypt - check your settings for an Enforce HTTPS option. All my GitHub Pages have it now.
That's great. I just checked and it isn't available/enabled here yet. I'm wondering if GitHub doesn't enable their own SSL if a user is providing that through a service like Cloudflare... perhaps I should disable the latter and see if that makes a difference.