DigitalOcean

Report this

What is the reason for this report?
Question

Digitalocean CDN, custom domain and Cloudflare SSL

Posted on August 3, 2021
CDN
PDVJAM

By PDVJAM

Hey! We use Digitalocean’s spaces with enabled CDN to keep static files. And we decided to try a custom domain. To do that, I have created an Origin SSL certificate in my Cloudflare Dashboard and loaded it to the DO. Then I just applied it to CDN’s custom domain. Also, I have created a CNAME record: cdn.my.domain -> DO’s Edge URL. So far looks good, but: While I can reach my files with new name via HTTP, HTTPS doesn’t work and I see that error:

  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS alert, handshake failure (552):
  • error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
  • Closing connection 0 curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

I have tried to:

  1. add Cloudflare Origin CA root certificate to DO;
  2. enable SSL Full (strict).
  3. checked cert and key with openssl, they are valid. Nothing works. Have anyone seen such an error? Any ideas what might be wrong?


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
0
PDVJAM
PDVJAM
August 4, 2021

Accepted Answer

OK, looks like Cloudflare doesn’t allow “deep” subdomains for non-paid customers. That was the issue. Something like https://developers.cloudflare.com/ssl/edge-certificates/advanced-certificate-manager can help in that situation.

Become a contributor for community

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Sign Up

DigitalOcean Documentation

Full documentation for every DigitalOcean product.

Learn more

Resources for startups and SMBs

The Wave has everything you need to know about building a business, from raising funding to marketing your product.

Learn more

Get our newsletter

Stay up to date by signing up for DigitalOcean’s Infrastructure as a Newsletter.

New accounts only. By submitting your email you agree to our Privacy Policy

The developer cloud

Scale up as you grow — whether you're running one virtual machine or ten thousand.

Get started for free

Sign up and get $200 in credit for your first 60 days with DigitalOcean.*

*This promotional offer applies to new accounts only.

© 2025 DigitalOcean, LLC.Sitemap.