Hey! We use Digitalocean’s spaces with enabled CDN to keep static files. And we decided to try a custom domain. To do that, I have created an Origin SSL certificate in my Cloudflare Dashboard and loaded it to the DO. Then I just applied it to CDN’s custom domain. Also, I have created a CNAME record: cdn.my.domain -> DO’s Edge URL. So far looks good, but: While I can reach my files with new name via HTTP, HTTPS doesn’t work and I see that error:
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
- TLSv1.3 (OUT), TLS handshake, Client hello (1):
- TLSv1.3 (IN), TLS alert, handshake failure (552):
- error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
- Closing connection 0 curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
I have tried to:
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Accepted Answer
OK, looks like Cloudflare doesn’t allow “deep” subdomains for non-paid customers. That was the issue. Something like https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager can help in that situation.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
Full documentation for every DigitalOcean product.
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.
New accounts only. By submitting your email you agree to our Privacy Policy
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.