Question

Spaces CDN subdomain with manually generated SSL returns DNS_PROBE_FINISHED_NXDOMAIN

Hi all,

Background Through the App Platform, we have set up a static site with Strapi CMS and DO Spaces for files and images. The domain is hosted on Google Domains but we had delegated it to DO Nameservers and everything was working just fine.

Unfortunately, on the same domain we have our business email and due to garbage level rating of Digitalocean IP’s our email ended up blacklisted on most email platforms.

We have moved control over the domain back to Google Domains and set static site and Strapi CMS with CNAME records. This part works great. As a bonus instantly our emails get clean and out of the blacklist of any kind.

Problem During new set up of CDN subdomain for DO Spaces we have create manually SSL certificat via Let’s Encript certbot - because we are using App Platform and we do not have a place to install certbot for subdomains.

We have add CNAME record in Google Domains for subdomain pointing DO Spaces Orgin. Then we have upload SSL certificate to CDN subdomain in DO Spaces.And now the subdomain returns DNS_PROBE_FINISHED_NXDOMAIN error.

From admin panel we can see that files are added to DO Spaces and both Orgin and Edge links to files works but CDN link returns DNS_PROBE_FINISHED_NXDOMAIN.

Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Bobby Iliev
Site Moderator
Site Moderator badge
April 26, 2023

Hi there,

What I’ve done in the past for a similar use-case was to use Cloudflare as my DNS provider.

That way you can still point your MX record to your Google mail and use your emails there, and then also setup a CNAME for your Spaces domain by following the steps here:

  • Create Space + CDN
  • Create CNAME for your DigitalOcean CDN endpoint
  • Use Cloudflare’s tool to create origin server self-signed SSL Cert specifically for the CNAME created in step 2.
  • Use the Spaces CDN option to add a new subdomain certificate. Use the certificate details from step 3.
  • Make sure to include the CA certificate: https://developers.cloudflare.com/ssl/origin-configuration/origin-ca
  • You can then proxy via Cloudflare.

That way the Cloudflare SSL certificate can be valid for many years, rather than only 3 months as it is with Let’s Encrypt.

Hope that this helps!

Best,

Bobby

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

card icon
Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Sign up
card icon
Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We’d like to help.

Learn more
card icon
Become a contributor

You get paid; we donate to tech nonprofits.

Learn more
Featured on Community
Kubernetes CourseLearn Python 3Machine Learning in PythonGetting started with GoIntro to Kubernetes
DigitalOcean Products
CloudwaysVirtual MachinesManaged DatabasesManaged KubernetesBlock StorageObject StorageMarketplaceVPCLoad Balancers
Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow – whether you’re running one virtual machine or ten thousand.

Learn more ->
DigitalOcean Cloud Control Panel
Get started for free

Enter your email to get $200 in credit for your first 60 days with DigitalOcean.

New accounts only. By submitting your email you agree to our Privacy Policy.

© 2023 DigitalOcean, LLC.