Replacing SSL certificate for Spaces CDN

September 23, 2019
DigitalOcean

I’m using the bring-my-own-certificate feature of the Spaces CDN. The certificate currently installed expires soon, so I have generated a replacement for it. I have installed the new certificate under Account -> Security, and it shows up there just fine.

When I go to choose the new certificate under the Spaces CDN settings, I simply get “Server Error”.

After some back-and-forth with DigitalOcean Support, the answer they gave me is that they don’t support having two certificates with the same hostname. The solution, they say, is to wait until the old certificate totally expires, then delete it and add my new certificate, and configure the CDN with it.

This is an unacceptable solution to me, as this creates at least a few minutes of downtime. It is also unnecessarily risky… should something go wrong with the new certificate, I can’t just keep using the old one while I work out the problem.

I’m assuming that the support rep is incorrect. Otherwise, everyone using this feature would have to have some downtime whenever they need to update their certificate. Surely this system wasn’t designed this way, and there’s some other way to update the certificate.

Has anyone else run into this problem and/or solved it?

1 Answer

The latest from support:

Thank you for contacting DigitalOcean Support. While I do agree with you that supporting multiple certificates on a single hostname would be ideal, it is unfortunately not implemented yet. Please keep in mind the platform is still fairly new and is constantly being updated. We can forward this feature request to our engineering teams for you.

Looks like this isn’t possible for now.
