Configuring TLS certificates for HTTPS connections between clients and the CDN

To enable clients to request files over HTTPS (e.g., if you use a URI with the https scheme or enabled redirection from HTTP to HTTPS in the CDN resource settings), you need to configure a TLS certificate for the domain name used to distribute content specified in the resource.

Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.

The certificate must be located in the same folder as your CDN resource.

The certificate is configured when creating a resource. You can change it afterwards together with other basic resource settings. For more information, see these guides:

• Creating a resource
• Editing the basic settings of a resource

Domain rights checkDomain rights check

If you issued a Let's Encrypt certificate in Certificate Manager and use it in a CDN resource, you need to pass the domain rights check. Cloud CDN only supports the DNS type domain rights check using a TXT or CNAME DNS record. The CDN load balancer will return the 404 status code in response to file requests over paths formatted as /.well-known/acme-challenge/<file_name> that are used for HTTP domain rights checks.

If you use a certificate of your own uploaded to Certificate Manager in a CDN resource, no domain rights check is required.

Use casesUse cases

• Migrating to Yandex Cloud CDN from a third-party CDN provider
• Providing secure access to content in Cloud CDN