Configuring TLS certificates for HTTPS connections between clients and the CDN
To enable clients to request files over HTTPS (e.g., if you use a URI with the https scheme or have enabled a redirect from HTTP to HTTPS in the CDN resource settings), you need to configure TLS certificates for all domain names used for content distribution and specified in the resource. You can:
- Issue a Let's Encrypt® TLS certificate for each domain name.
- Use a single certificate for all domain names.
Make sure the certificates are created in or uploaded to Yandex Certificate Manager. You can use either a Let's Encrypt® certificate or a user certificate.
Certificates should be configured when creating a resource. You can change their settings afterwards along with other basic resource settings. For more information, see these guides:
Checking rights for a domain
If you issued a Let's Encrypt certificate in Certificate Manager and use it in a CDN resource, you need to pass the domain rights check. Cloud CDN only supports the DNS type of check for domain rights using TXT or CNAME DNS records. The CDN load balancer will return the 404 status code in response to requests for files at paths such as /.well-known/acme-challenge/<filename>, which are used in HTTP domain rights checks.
If you use a certificate of your own uploaded to Certificate Manager in a CDN resource, no domain rights check is required.
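
The following pre-flight check is an added example, not code from Yandex Cloud. It reports which CDN resource domain names a certificate's SAN list does not cover and which certificate domains still lack a TXT or CNAME record for the DNS check. It assumes the standard ACME DNS-01 record name (_acme-challenge.<domain>); the function names, domain names and zone records are hypothetical, constructed samples.

```python
# Added example; all domain names and zone records are constructed samples.

def norm(name):
    return name.strip().rstrip(".").lower()

def san_matches(san, host):
    """True if SAN entry `san` covers `host`; '*' stands for exactly one label."""
    san, host = norm(san), norm(host)
    if not san.startswith("*."):
        return san == host
    suffix = san[1:]                      # e.g. ".static.example.com"
    label = host[:-len(suffix)]
    return host.endswith(suffix) and label != "" and "." not in label

def uncovered_domains(resource_domains, cert_sans):
    """CDN resource domain names that no SAN of the certificate covers."""
    return [d for d in resource_domains
            if not any(san_matches(s, d) for s in cert_sans)]

def challenge_record(domain):
    """DNS name checked for the TXT or CNAME validation record (ACME DNS-01)."""
    d = norm(domain)
    if d.startswith("*."):
        d = d[2:]                         # wildcards are validated at the base name
    return "_acme-challenge." + d

def missing_challenges(cert_domains, zone_records):
    """Certificate domains with neither TXT nor CNAME at the challenge name.
    Checks presence only, not the record value issued by Certificate Manager."""
    present = {(norm(n), t.upper()) for n, t in zone_records}
    return [d for d in cert_domains
            if not any((challenge_record(d), t) in present for t in ("TXT", "CNAME"))]

# Constructed inputs: resource domain names, certificate SANs, exported zone records.
RESOURCE_DOMAINS = ["cdn.example.com", "img.static.example.com",
                    "a.b.static.example.com", "static.example.com"]
CERT_SANS = ["cdn.example.com", "*.static.example.com"]
ZONE_RECORDS = [("_acme-challenge.cdn.example.com.", "TXT")]

if __name__ == "__main__":
    print("not covered by certificate:", uncovered_domains(RESOURCE_DOMAINS, CERT_SANS))
    print("no DNS check record yet:", missing_challenges(CERT_SANS, ZONE_RECORDS))
```

A wildcard SAN does not cover the base domain or names more than one label deep, so both show up as uncovered here.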