It is impossible to get a working SSL with Spaces.

Origin URL:

When creating a new Space on DigitalOcean and going to the given origin URL, both Firefox and Chrome warn that the SSL certificate is invalid.

The given error is:

This server could not prove that it is subdomain.domain.tld.ams3.digitaloceanspaces.com; its security certificate is from *.ams3.digitaloceanspaces.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

Edge URL

When enabling the CDN, and going to the given edge URL, another error is given (still, both Firefox and Chrome):

This server could not prove that it is subdomain.domain.tld.ams3.cdn.digitaloceanspaces.com; its security certificate is from *.ssl.hwcdn.net. This may be caused by a misconfiguration or an attacker intercepting your connection.

Custom URL

Finally, by using an automatic DO Let’s Encrypt certificate, and going to our custom URL subdomain.domain.tld, the same error arises:

This server could not prove that it is subdomain.domain.tld; its security certificate is from *.ams3.digitaloceanspaces.com. This may be caused by a misconfiguration or an attacker intercepting your connection.

What is weird is that the first error is contradictory - the given wildcard certificate should be just fine for our origin URL. We are on FRA1 region, and working with a .cloud TLD.

1 comment
  • I have this problem too, thankfully the subdomain cdn works, but geez, if we can’t use . in the bucket name.

    DON’T LET US CREATE A SPACE WITH THAT NAME! :facepalm:

2 answers

Hi @FlorianErnst ,

Actually, DigitalOcean only provides a managed certificate with subdomains for *.{region}.digitaloceanspaces.com, which doesn’t include *.*.{region}.digitaloceanspaces.com. You can set your bucket name as a-b.{region}.digitaloceanspaces.com but not a.b.{region}.digitaloceanspaces.com. That means, when you are using a.b.{region}.digitaloceanspaces.com as your default bucket domain, you can’t access the site with HTTPS. You can bind your custom domain and upload your SSL for it.

Hope this helps,
Shiroka
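
Added example, not part of the answer above and not DigitalOcean's code: a simplified wildcard matcher in which `*` is accepted only as the whole leftmost label and stands for exactly one label, run over the hostname and certificate pairs quoted in the question. The function names are hypothetical, and the `a-b` bucket with region `ams3` is a constructed case based on the answer's suggestion.

```python
"""Simplified certificate wildcard matching (constructed example)."""


def matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`.

    '*' is honoured only as the entire leftmost label and stands for
    exactly one label, so it never spans a dot.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A one-label wildcard can only match a name with the same label count.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        # Everything to the right of the wildcard must be identical.
        return p_labels[1:] == h_labels[1:]
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are rejected here
    return p_labels == h_labels


def origin_covered(bucket: str, region: str) -> bool:
    """Does *.{region}.digitaloceanspaces.com cover this bucket's origin URL?"""
    suffix = f"{region}.digitaloceanspaces.com"
    return matches(f"*.{suffix}", f"{bucket}.{suffix}")


# (hostname requested, certificate name presented). The first three pairs come
# from the browser errors quoted in the question; the last one is constructed.
CASES = [
    ("subdomain.domain.tld.ams3.digitaloceanspaces.com",
     "*.ams3.digitaloceanspaces.com"),
    ("subdomain.domain.tld.ams3.cdn.digitaloceanspaces.com", "*.ssl.hwcdn.net"),
    ("subdomain.domain.tld", "*.ams3.digitaloceanspaces.com"),
    ("a-b.ams3.digitaloceanspaces.com", "*.ams3.digitaloceanspaces.com"),
]


def report():
    """Evaluate every case and return (hostname, certificate, covered)."""
    return [(host, cert, matches(cert, host)) for host, cert in CASES]


if __name__ == "__main__":
    for host, cert, ok in report():
        print(f"{'OK  ' if ok else 'FAIL'} {host}  <-  {cert}")
```
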

Today, I faced the same problem. But I have never seen this issue before.

@Shiroka, it is not the bucket name problem. The problem appears when you try to load via CDN. For example:

https://{bucket}.{region}.cdn.digitaloceanspaces.com/

But once you remove “cdn” it works.
