By FlorianErnst
It is impossible to get a working SSL with Spaces.
When creating a new Spaces on Digital Ocean and going to the given origin URL, both Firefox and Chrome warn that the SSL certificate is invalid.
The given error is:
This server could not prove that it is subdomain.domain.tld.ams3.digitaloceanspaces.com; its security certificate is from *.ams3.digitaloceanspaces.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
When enabling the CDN, and going to the given edge URL, another error is given (still, both Firefox and Chrome):
This server could not prove that it is subdomain.domain.tld.ams3.cdn.digitaloceanspaces.com; its security certificate is from *.ssl.hwcdn.net. This may be caused by a misconfiguration or an attacker intercepting your connection.
Finally, by using an automatic DO Let’s Encrypt certificate, and going to our custom URL subdomain.domain.tld, the same error arises:
This server could not prove that it is subdomain.domain.tld; its security certificate is from *.ams3.digitaloceanspaces.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
What is weird is that the first error is contradictory - the given wildcard certificate should be just fine for our origin URL. We are on FRA1 region, and working with a .cloud TLD.
Today, I faced the same problem. But I have never seen this issue before.
@Shiroka, it is not the bucket name problem. The problem appears when you try to load via CDN. For example:
https://{bucket}.{region}.cdn.digitaloceanspaces.com/
But once you remove “cdn” it works.
Hi @FlorianErnst,
Actually, DigitalOcean only provides a managed certificate for subdomains of *.{region}.digitaloceanspaces.com; it doesn’t include *.*.{region}.digitaloceanspaces.com. You can set your bucket name as a-b.{region}.digitaloceanspaces.com but not a.b.{region}.digitaloceanspaces.com. That means, when you are using a.b.{region}.digitaloceanspaces.com as your default bucket domain, you can’t access the site with HTTPS. You can bind your custom domain and upload your SSL certificate for it.
Hope this helps, Shiroka
I am facing the same issue. There’s no “.” or “:” in the name. I have just the alphabets.
Here’s the error:
javax.net.ssl.SSLException: Certificate for <searchmytoy.sfo2.cdn.digitaloceanspaces.com> doesn't match any of the subject alternative names: [*.ssl.hwcdn.net, ssl.hwcdn.net]
For me, the issue is with an old Android device (Android 6).
Also note that if I remove “cdn” from the URL everything works fine. That means “searchmytoy.sfo2.digitaloceanspaces.com” works fine.
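The single-label wildcard rule Shiroka describes, and the SAN mismatch in the Java error above, can be reproduced with a small hostname matcher. This is an added example, not code from the thread or from DigitalOcean; `san_matches` and `explain` are hypothetical names, the matcher is a simplified RFC 6125-style check rather than any browser's or Java's implementation, and the SAN lists are constructed from the names quoted in the posts.

```python
def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the entire leftmost
    label and stands for exactly one label, never for several."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        # Simplification: refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def explain(host: str, sans: list[str]) -> str:
    """Say why `host` is or is not covered by a certificate's SAN list."""
    for san in sans:
        if san_matches(san, host):
            return f"OK: {host} matches {san}"
    labels = host.lower().rstrip(".").split(".")
    for san in sans:
        if san.startswith("*."):
            base = san[2:].lower().split(".")
            extra = len(labels) - len(base)
            # Right suffix, but more than one label where '*' sits.
            if extra > 1 and labels[-len(base):] == base:
                return (f"MISMATCH: {host} has {extra} labels in front of "
                        f"{san[2:]}, but '*' covers only one")
    return f"MISMATCH: {host} is outside every SAN in {sans}"


if __name__ == "__main__":
    # Constructed SAN lists, built from the names quoted in the thread.
    origin = ["*.ams3.digitaloceanspaces.com"]
    cdn = ["*.ssl.hwcdn.net", "ssl.hwcdn.net"]
    checks = [
        ("a-b.ams3.digitaloceanspaces.com", origin),
        ("a.b.ams3.digitaloceanspaces.com", origin),
        ("subdomain.domain.tld.ams3.digitaloceanspaces.com", origin),
        ("searchmytoy.sfo2.cdn.digitaloceanspaces.com", cdn),
    ]
    for host, sans in checks:
        print(explain(host, sans))
```

Under this rule the dotted bucket name from the first post fails against the origin wildcard because three labels sit where `*` allows one, while the CDN hostname fails for a different reason: the certificate served there names another domain entirely.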