Configuring TLS certificates for HTTPS connections between clients and the CDN
To enable clients to request files over HTTPS (e.g., if you use a URI with the https
scheme or enabled redirection from HTTP to HTTPS in the CDN resource settings), you need to configure a TLS certificate for the domain name used to distribute content specified in the resource.
Note
We no longer support the automatic issue of Let's Encrypt® certificates for CDN resources.
Certificates from Yandex Certificate Manager are supported. You can issue a new Let's Encrypt® certificate or upload one of your own.
The certificate must be located in the same folder as your CDN resource.
The certificate is configured when creating a resource. You can change it afterwards together with other basic resource settings. For more information, see these guides:
Checking rights for a domain
If you issued a Let's Encrypt certificate in Certificate Manager and use it in a CDN resource, you need to pass the domain rights check. Cloud CDN only supports the DNS
type of check for domain rights using TXT
or CNAME
DNS records. The CDN load balancer will return the 404
status code in response to queries to files at paths, such as /.well-known/acme-challenge/<file_name>
, that are used in HTTP
domain rights checks.
If you use a certificate of your own uploaded to Certificate Manager in a CDN resource, no domain rights check is required.