How to use DigitalOcean Spaces Subdomain with Cloudflare FREE SSL?
I am using Spaces S3 storage on DigitalOcean. To add a subdomain for my Spaces, an SSL certificate is required to be uploaded. I am trying to use the Cloudflare Free Edge SSL certificate, and forward my requests from my subdomain.company.com to Spaces Endpoint.

Anaptyxis answered 2/5, 2020 at 6:58 Comment(0)
A
33

I've figured it out, this is how it works for me.

  1. Create a DigitalOcean Space with the CDN option selected. The space name must match the fully-qualified subdomain you want to use, e.g. cdn.example.com if you were using that domain.
  2. Create the desired CNAME for your DO CDN on Cloudflare. For the CNAME record value use the CDN endpoint value provided by DO. Keep the "proxied" toggle on.
  3. Use the Cloudflare Dashboard to create an origin server self-signed SSL cert specifically for the CNAME (custom domain) created in step 2.
  4. Use the DO Spaces CDN option to add a new subdomain SSL certificate created from step 3. Add Name, Cert, Key, and your Custom Domain value and Save.
  5. Done! Cloudflare is now proxying your DO CDN domain, and your files on DO Spaces can be served on a Custom Domain.
Anaptyxis answered 8/5, 2020 at 21:58 Comment(5)
In step 2 what is the difference between "Proxied" and "DNS Only"? As DO is already providing CDN should one just choose DNS Only? - Audwen
@entron You need to enable PROXIED on Cloudflare for the Cloudflare self-signed SSL cert to work. It doesn't work with DNS only. - Anaptyxis
I am a newbie to networking and trying to do this exact same thing but was not able to figure out the 3rd step. I registered a domain in godaddy.com (example.com) and added DigitalOcean nameservers for the domain. Now in DigitalOcean, I added the domain that I bought. Under the CNAME section, I added hostname: xyz.example.com and for "is an alias": the DigitalOcean CDN URL (bucket.sfo.digitalocean.com). When I go to Cloudflare and try to add the site (xyz.example.com) it gives the error "only route domain should be added". Please help with what I am doing wrong. Also, do I need to have a paid Cloudflare account? - Purkey
Thank you for the solution! One more thing: I needed to create a new space with the desired name and copy all the files to the new one. Remember to set your files' permissions to public or else you get 403 access denied. - Taxable
DO no longer supports CF Origin CA certs. "You cannot secure a CDN’s subdomain with a CloudFlare Origin CA certificate or with a custom wildcard SSL certificate that you are already using elsewhere in your account." source: docs.digitalocean.com/products/spaces/how-to/… - Arroba
G
11

I was still running into issues with Manoj's solution. Eventually I was able to resolve it. The problem was that the space name must match the custom subdomain exactly, e.g.:

cdn.example.com
Gall answered 25/1, 2021 at 18:16 Comment(2)
That's wild and totally undocumented, and you can't rename Spaces. But good to know! - Asclepiadean
This is also true for Cloudflare CDN on top of AWS S3. - Arroba
M
1

Another way to do it:

  1. Create a DigitalOcean Space.

  2. Create a Cloudflare SSL > Origin Server certificate.

    Your hostname should point to your custom subdomain exactly. ex: cdn.example.com. Save certificate and key.

  3. Enable CDN on your DigitalOcean Space and add subdomain.

    Enter the recently created SSL certificate and key. Once you add this you should be able to select ex: cdn.example.com from the custom subdomain select box.

  4. Create a Cloudflare DNS > CNAME record.

    Use desired CNAME for your DigitalOcean CDN on Cloudflare ex: cdn. For the CNAME record value use the CDN endpoint value provided by DigitalOcean. Keep the "proxied" toggle on.

Mottle answered 12/6, 2023 at 21:25 Comment(0)
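
A pre-flight check for the conditions the answers above name (Space name equal to the custom subdomain, certificate hostname covering it, CNAME pointing at the CDN endpoint, proxied on), as an added example that is not part of any answer. The config keys and sample values are constructed, and `CDN_ENDPOINT` is a placeholder for the endpoint DigitalOcean shows for the Space.

```python
# Added example: pre-flight check for the custom-subdomain setup in the answers.
# All sample values are constructed; CDN_ENDPOINT is a placeholder for the
# endpoint DigitalOcean displays for the Space.
CDN_ENDPOINT = "SPACE-CDN-ENDPOINT.invalid"


def san_matches(pattern, hostname):
    """Hostname match where '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # One label only: *.example.com covers cdn.example.com but not
        # example.com or a.cdn.example.com.
        return len(h) > 2 and p[1:] == h[1:]
    return p == h


def preflight(cfg):
    """Return a list of problems; an empty list means the settings agree."""
    problems = []
    domain = cfg["custom_domain"]
    if cfg["space_name"] != domain:
        problems.append("space name does not match the custom subdomain exactly")
    if not any(san_matches(s, domain) for s in cfg["cert_hostnames"]):
        problems.append("certificate hostnames do not cover the custom subdomain")
    record = cfg["cname"]
    fqdn = f'{record["name"]}.{cfg["zone"]}'
    if fqdn != domain:
        problems.append("CNAME name plus zone is not the custom subdomain")
    if record["target"].rstrip(".").lower() != cfg["cdn_endpoint"].lower():
        problems.append("CNAME target is not the CDN endpoint")
    if not record["proxied"]:
        problems.append("CNAME is DNS only; the answers require proxied")
    return problems


GOOD = {
    "space_name": "cdn.example.com",
    "custom_domain": "cdn.example.com",
    "zone": "example.com",
    "cert_hostnames": ["cdn.example.com"],
    "cdn_endpoint": CDN_ENDPOINT,
    "cname": {"name": "cdn", "target": CDN_ENDPOINT, "proxied": True},
}

if __name__ == "__main__":
    print(preflight(GOOD) or "ok")
    print(preflight({**GOOD, "space_name": "assets"}))
```
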
