Question

Spaces CDN returns SignatureDoesNotMatch

  • Posted November 27, 2018
  • CDN

Hi! I’m successfully using DO Spaces with an Elixir libarary to build presigned urls:

signed_url =
  AWSAuth.sign_url(
    @access_key,
    @secret_key,
    "get",
    "https://mybucket.ams3.digitaloceanspaces.com/mybucket/0342cfce-f037-49c6-976f-97b2b8ec6f19.pdf",
    "ams3",
    "s3"
  )

This works fine, but I want to use the CDN to speed up the requests. I tried to add .cdn to the URL:

signed_url =
  AWSAuth.sign_url(
    # ...
    "https://mybucket.ams3.cdn.digitaloceanspaces.com/mybucket/0342cfce-f037-49c6-976f-97b2b8ec6f19.pdf",
    # ...
  )

However, this doesn’t work – I always get the following error:

<Error>
  <Code>SignatureDoesNotMatch</Code>
  <RequestId>tx000000000000049363e85-005bfd730a-b8ca18-ams3a</RequestId>
  <HostId>b8ca18-ams3a-ams3</HostId>
</Error>

I also tried signing the URL without .cdn and just accessing it with .cdn, but got the same error. What am I doing wrong?

Subscribe
Share

I have the same question. I am using Laravel which uses the Flysystem library. Pre-signed requests (using Storage::disk('s3')->temporaryUrl('file.jpg', now()->addMinutes(10)) works fine with the origin server, but as soon as I add the .cdn to the URL it behaves exactly the same. I would like to be able to use the CDN, but have turned it off for now :(.


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

I am interested in the same thing. Is it possible to use the CDN with pre-signed requests?

php? $space = new SpacesConnect($key,$secret,$space_name,$region,‘cdn.digitaloceanspaces.com’);

Also affected here.

Hi, I’m also having issues with this. I’m using Symfony with Flysystem. I have this configuration:

chd.s3_client:
        class: Aws\S3\S3Client
        arguments:
            -
                endpoint: 'https://ams3.cdn.digitaloceanspaces.com'
                version: 'latest'
                region: 'ams'
                credentials:
                    key: "my_key"
                    secret: "my_secret"

But i always get the same SignatureDoesNotMatch error. If i remove cdn from endpoint it works, but without this, i agree with Coreinsanity, Digital Ocean spaces won’t be useful

I’m also having issues with this.

I can setup the S3 client and get a presigned URL like so: (C#)

            var clientConfig = new AmazonS3Config()
            {
                ServiceURL = S3_HOST
            };

            var client = new AmazonS3Client(S3_KEY, S3_SECRET, clientConfig);

            var objects = client.ListObjectsAsync(S3_BUCKET).Result;

            var presigned = client.GetPreSignedURL(new GetPreSignedUrlRequest()
            {
                BucketName = S3_BUCKET,
                Key = objects.S3Objects.First().Key,
                Expires = DateTime.Now.AddHours(1)
            });

However it does not “CDNify” the presigned URL, and adding CDN to it results in it being invalid.

Is there a way to generate CDN Presigned URLs? Without this feature, the Digital Ocean spaces and CDN kind of go out the window for our use case :(