Configuring TLS certificates for HTTPS connections between clients and the CDN
To enable clients to request files over HTTPS (e.g., if you use a URI with the https
scheme or enabled redirection from HTTP to HTTPS in the CDN resource settings), you need to configure a TLS certificate for the domain name used to distribute content specified in the resource.
Note
We no longer support the automatic issue of Let's Encrypt® certificates for CDN resources.
Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.
The certificate must be located in the same folder as your CDN resource.
The certificate is configured when creating a resource. You can change it afterwards together with other basic resource settings. For more information, see these guides:
Domain rights check
If you issued a Let's Encrypt certificate in Certificate Manager and use it in a CDN resource, you need to pass the domain rights check. Cloud CDN only supports the DNS
type domain rights check using a TXT
or CNAME
DNS record. The CDN load balancer will return the 404
status code in response to file requests over paths formatted as /.well-known/acme-challenge/<file_name>
that are used for HTTP
domain rights checks.
If you use a certificate of your own uploaded to Certificate Manager in a CDN resource, no domain rights check is required.