I have a DO load balancer. There’s a subdomain that I want the load balancer to generate a Let’s Encrypt SSL certificate for. I’ve created an NS record pointing the subdomain to DO’s name servers. Even though I can manage the subdomain via DO now, the load balancer won’t create the cert. It says the domain is not managed by DO.
I contacted DO support and was told that Let’s Encrypt will only create certs if the domain itself, not the subdomain, is under DO control. That’s not practical in my situation.
What have folks done in this situation? Have you created your own load balancer, e.g. with Apache httpd?
Thanks.
I just found a workaround.
Spaces lets you create subdomain certs with Let’s Encrypt. Those subdomain certs will show up in the dropdown list on the Load Balancer. You basically can create a subdomain cert (for a CDN), save it, then remove it. The cert will still exist and will be available as an option in the load balancer dropdown.
It seems DO indeed has this ability but they forgot to add it to the Load Balancer cert creation dialog.
I believe this would explain my issue … my main domain is hosted on Netlify, who also manages my DNS records. I’m trying to set up a DO droplet on a subdomain to point to my Mautic install. I need the SSL so that I can link Mautic with Zapier.
I have the subdomain set up in DO, along with my Droplet. But DO won’t recognize my domain.
Agree with the comments above that this DNS limitation seems silly (although I don’t fully understand the tech here).
Other than adding more droplets and load balancers (that only seem to increase my cost), any solutions?
If you are managing the root domain using DigitalOcean, when you use that root domain and add a subdomain to that certificate, DO will edit the root domain’s A record to point to the load balancer’s public IP. You can change the value of the root domain to whatever and change it back just before renewal, and always leave the subdomain’s A record pointing to the load balancer, but this is not close to being ideal.