Hi!
My Spaces CDN isn’t working because it is being served from the CDN with an SSL certificate for `*.sfo3.digitaloceanspaces.com` instead of with my certificate, `*.mysub.mydomain.com`. How do I fix this?
Here’s how I set it up:
`myhost.mysub.mydomain.com`, pointing to my bucket, `mybucket.sfo3.digitaloceanspaces.com`. DNS is working fine — `myhost.mysub.mydomain.com` resolves to the right IP address.

`myhost.mysub.mydomain.com`. (Note that I’ve also tried this with a certificate for `*.mysub.mydomain.com`, with the same results.)

`myhost.mysub.mydomain.com`. (Note that I’ve also tried this with a certificate for `*.mysub.mydomain.com`, with the same results.)

`*.sfo3.digitaloceanspaces.com` instead of with my certificate, so the GET fails:

```
% curl -v https://myhost.mysub.mydomain.com/myobjectpath
* Trying 123.45.67.89:443...
* Connected to myhost.mysub.mydomain.com (123.45.67.89) port 443 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: C=US; ST=New York; L=New York; O=DigitalOcean, LLC; CN=*.sfo3.digitaloceanspaces.com
* start date: Dec 9 00:00:00 2022 GMT
* expire date: Jan 2 23:59:59 2024 GMT
* subjectAltName does not match myhost.mysub.mydomain.com
* SSL: no alternative certificate subject name matches target host name 'myhost.mysub.mydomain.com'
* Closing connection 0
curl: (60) SSL: no alternative certificate subject name matches target host name 'myhost.mysub.mydomain.com'
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
```
What am I doing wrong? What can I do to make it work?
… and here’s the answer:
My `myhost.mysub.mydomain.com` CNAME record is supposed to point to the CDN endpoint’s hostname, which is like `mybucket.sfo3.cdn.digitaloceanspaces.com`. After I did that, it just worked. :-)
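
The failure and the fix above, as an added example that is not part of the original post or DigitalOcean's own code: an offline check that reproduces curl's name-match decision and flags a CNAME pointed at the Spaces origin rather than the CDN endpoint. The endpoint patterns are assumptions inferred from the two hostnames on this page, and the function names are hypothetical.

```python
import re

# Assumption: endpoint shapes inferred from the two hostnames on this page.
#   origin: <bucket>.<region>.digitaloceanspaces.com
#   CDN:    <bucket>.<region>.cdn.digitaloceanspaces.com
ORIGIN_RE = re.compile(r"^[^.]+\.[^.]+\.digitaloceanspaces\.com$")
CDN_RE = re.compile(r"^[^.]+\.[^.]+\.cdn\.digitaloceanspaces\.com$")


def _labels(name):
    return name.lower().rstrip(".").split(".")


def san_matches(san, host):
    """Name check in the style of RFC 6125: a leading '*' stands for exactly
    one left-most label; everything else must match label for label."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h


def classify_target(cname_target):
    """Say whether a CNAME target looks like the origin or the CDN endpoint."""
    t = cname_target.lower().rstrip(".")
    if CDN_RE.match(t):
        return "cdn"
    if ORIGIN_RE.match(t):
        return "origin"
    return "other"


def diagnose(host, cname_target, presented_sans):
    """Explain a passed or failed certificate name check for `host`."""
    if any(san_matches(s, host) for s in presented_sans):
        return "ok"
    if classify_target(cname_target) == "origin":
        # In the curl output on this page the origin presented the
        # regional wildcard certificate, not the custom-domain one.
        return "cname-points-at-origin"
    return "cert-mismatch"


if __name__ == "__main__":
    # Constructed inputs mirroring the question and the fix.
    host = "myhost.mysub.mydomain.com"
    print(diagnose(host, "mybucket.sfo3.digitaloceanspaces.com",
                   ["*.sfo3.digitaloceanspaces.com"]))
    print(diagnose(host, "mybucket.sfo3.cdn.digitaloceanspaces.com",
                   ["*.mysub.mydomain.com"]))
```
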