Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Migrating to Yandex Cloud CDN from a third-party CDN provider

Written by
Updated at August 26, 2025

If your dynamic website uses a third-party CDN to deliver static content to users, you can seamlessly migrate to Yandex Cloud CDN. This tutorial explains how to migrate while keeping your content accessible at all times.

Solution architecture

To migrate smoothly, create a new CDN resource in Yandex Cloud CDN that uses the same origin as the third-party CDN. Register a new subdomain for the new CDN resource and create a new TLS certificate for the second-level domain and all its third-level subdomains in Yandex Certificate Manager.

Once you have made sure the new CDN resource is working properly, update the static content links on your dynamic website accordingly. Then, remove the third-party CDN and add its domain name as an additional one to your Yandex Cloud CDN resource.

Your dynamic website’s static content will stay continuously accessible as you migrate from a third-party CDN to Cloud CDN.

To migrate a CDN resource to Yandex Cloud CDN:

  1. Get your cloud ready.
  2. Add a TLS certificate to Yandex Certificate Manager.
  3. Create a CDN resource in Cloud CDN.
  4. Create a CNAME record for your new CDN resource's subdomain.
  5. Update your website to use the new CDN resource.
  6. Add an additional domain to the CDN resource in Cloud CDN.

Getting started

Sign up for Yandex Cloud and create a billing account:

  1. Navigate to the management console and log in to Yandex Cloud or create a new account.
  2. On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one and link a cloud to it.

If you have an active billing account, you can navigate to the cloud page to create or select a folder for your infrastructure.

Learn more about clouds and folders here.

Access to DNS settings

Make sure you can access the DNS settings on your DNS hosting provider’s website. This is usually the company that registered your domain.

Your DNS provider's dashboard should already include a public domain zone matching your domain name, e.g., example.com.. This zone should contain a CNAME record for your current CDN subdomain, e.g., cdn.example.com, pointing to the third-party CDN provider.

The cost of the CDN infrastructure support includes fees for outbound traffic from CDN servers (see Cloud CDN pricing).

Add a TLS certificate to Yandex Certificate Manager

To ensure data encryption when accessing the new CDN resource, add a new TLS certificate issued by Let's Encrypt® for your website's domain and all its subdomains (wildcard certificate) to Yandex Certificate Manager:

  1. Create a new TLS certificate:

    1. In the management console, select the folder to add a certificate to.
    2. From the list of services, select Certificate Manager.
    3. Click Add certificate and select Let's Encrypt certificate.
    4. In the window that opens, enter a name for your certificate in the Name field, e.g., my-cdn-certificate.
    5. In the Domains field, specify the wildcard for your domain and its subdomains, e.g., *.example.com, where example.com is your website’s domain name.
    6. In the Check type field, select DNS.
    7. Click Create.

    1. Request a new wildcard certificate. To do this, run the following command:

      yc certificate-manager certificate request \
  --name my-cdn-certificate \
  --domains "*.<your_website_domain_name>"

      Where:

      • --name: Certificate name, e.g., my-cdn-certificate.
      • --domains: Wildcard for your domain and its subdomains, e.g., *.example.com, where example.com is your website’s domain name.

      Result:

      id: fpqba7lpgmp7********
folder_id: b1gt6g8ht345********
created_at: "2025-02-09T20:41:05.916923798Z"
name: my-cdn-certificate
type: MANAGED
domains:
  - '*.example.com'
status: VALIDATING
updated_at: "2025-02-09T20:41:05.916923798Z"

      Save the certificate ID (from the id field), as you will need it in the next steps.

      For more information about the yc certificate-manager certificate request command, see the CLI reference.

  2. Follow these steps to verify ownership of your domain:

    1. In the management console, select the folder to which you added the certificate.

    2. From the list of services, select Certificate Manager.

    3. From the list of certificates, select the one you need verified.

    4. In the window that opens, under Check rights for domains, you will see the details required to pass the domain rights check.

      In the CNAME record tab, copy and save the values of the Name and Value fields. You will need these to create a CNAME record.

    1. Retrieve the CNAME record values required for the domain rights check. To do this, run the following command while specifying the certificate ID you saved earlier.

      yc certificate-manager certificate get <certificate_ID> \
  --full \
  --format=json | \
  jq -r ".challenges[].dns_challenge"

      Result:

      {
  "name": "_acme-challenge.example.com.",
  "type": "CNAME",
  "value": "fpqba7lpgmp7********.cm.yandexcloud.net."
}
{
  "name": "_acme-challenge.example.com.",
  "type": "TXT",
  "value": "oRnpmIJau5SWFDYqKwwUJMn-61HHdulvqk7********"
}

      Save the values of the name and value fields for the CNAME record. You will need these to create a CNAME record.

      For more information about the yc certificate-manager certificate get command, see the CLI reference.

  3. Using the values from the previous step, create a CNAME record in your website's public DNS zone to verify your domain ownership:

    If you delegated your website domain to Yandex Cloud DNS, follow this tutorial to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.

    Note

    For a successful DNS domain rights check based on a CNAME record, make sure the _acme-challenge subdomain of the domain name you are checking has no other resource records except CNAME. For example, for the _acme-challenge.example.com. domain name, there should only be a CNAME record and no TXT record.

Wait for the domain rights check to complete successfully. The wildcard certificate will then be issued and get the Issued status.

You can check the certificate status on the certificate page in the management console or by running the yc certificate-manager certificate get <certificate_ID> CLI command.

Create a CDN resource in Cloud CDN

This section explains how to create a CDN resource with the Server origin type. If your origin is a Yandex Object Storage bucket or a Yandex Application Load Balancer, use this guide to create a CDN resource.

Create a CDN resource in Yandex Cloud CDN:

  1. In the management console, select the folder you are going to create your CDN resource in.
  2. From the list of services, select Cloud CDN.
  3. Click Create resource.
  4. Configure the basic CDN resource settings:
    • Under Content:
      • Enable Enable access to content.
      • In the Content query field, select From one origin.
      • In the Origin type field, select Server.
      • In the Origin domain name field, specify the domain name or public IP address of your static content origin.
      • In the Origin request protocol field, select the protocol the CDN resource will use to communicate with the origin. If you select HTTPS or Match client, make sure your origin supports HTTPS.
      • In the Domain name field, specify the new domain name you assigned to your new CDN resource, e.g., cdn-new.example.com.
    • Under Additional settings:
      • In the Redirect clients field, select Don't use.
      • In the Certificate type field, select Use from Certificate Manager and then, from the list that opens, select the certificate you created earlier, such as my-cdn-certificate.
      • In the Host header field, select Primary domain name.
  5. Click Continue.
  6. Under Caching, HTTP headers and methods, and Advanced, leave the default settings. Click Continue.

  1. Run this command:

    yc cdn resource create <subdomain_name> \
  --origin-custom-source '<origin_IP_address_or_domain_name>' \
  --origin-protocol '<origin_protocol>' \
  --cert-manager-ssl-cert-id <certificate_ID>

    Where:

    • <subdomain_name>: Domain name for which you created a CNAME record earlier and that the new CDN resource will use, e.g., cdn-new.example.com.

    • --origin-custom-source: Domain name or public IP address of your static content origin.

    • --origin-protocol: Protocol the CDN resource will use to communicate with the origin. The possible values are:

      • http: Use HTTP.
      • https: Use HTTPS.
      • match: Use the same value as that of the Host header in the client request to the CDN.

      If you select https or match, make sure your origin supports HTTPS.

    • --cert-manager-ssl-cert-id: TLS certificate ID saved earlier when creating the certificate.

    Result
    id: bc8cfqtx2mkx********
folder_id: b1gt6g8ht345********
cname: cdn-new.example.com
created_at: "2025-02-10T07:42:24.920162Z"
updated_at: "2025-02-10T07:42:24.920187Z"
active: true
options:
  edge_cache_settings:
    enabled: true
    default_value: "345600"
  query_params_options:
    ignore_query_string:
      enabled: true
      value: true
  stale:
    enabled: true
    value:
      - error
      - updating
origin_group_id: "352269"
origin_group_name: Origins for cdn-new.example.com (302798)
origin_protocol: HTTP
ssl_certificate:
  type: CM
  status: READY
  data:
    cm:
      id: fpqnetjumkhn********

    Save the new CDN resource’s ID (the id field value), as you will need it later.

    For more information about the yc cdn resource create command, see the CLI reference.

Warning

After the CDN resource is set up, it may take up to 15 minutes for it to go live.

Make sure the new CDN resource is working properly before proceeding with the next steps.

Create a CNAME record for your new CDN resource's subdomain

To seamlessly switch your website to the new CDN resource, you will need a new CDN subdomain. In your website's public DNS zone, create a CNAME record for the new CDN subdomain that the new CDN resource will use:

  • Record name: New CDN subdomain name, e.g., cdn-new.example.com..
  • Record type: CNAME.
  • Record value: cname value for the new CDN resource, available in the management console on the CDN resource page (e.g., 328938ed********.a.yccdn.cloud.yandex.net).

If you delegated your website domain to Yandex Cloud DNS, follow this guide to create a CNAME record. Otherwise, use your DNS provider's guides or contact their support.

Update your website to use the new CDN resource

Once you have created a new CDN resource in Cloud CDN and tested it, you can start updating your website configuration and removing the old CDN resource.

Redirect the static content links your dynamic website generates to the new CDN subdomain, e.g., by replacing cdn.example.com with cdn-new.example.com. It is your dynamic website's admin who must do this.

Once you have made all required changes, make sure the static content links your website generates are valid and the content is accessible. Also, make sure outbound traffic has stopped on the old CDN resource by using the statistics and monitoring tools from your third-party CDN provider.

Your dynamic website has now fully switched to Yandex Cloud CDN.

Update the CNAME record for the original CDN subdomain

To keep your website's original CDN subdomain working with the new Cloud CDN resource, replace the value of the resource CNAME record for the original subdomain with the one you got earlier:

  • Record name: Original CDN subdomain name, e.g., cdn.example.com..
  • Record type: CNAME.
  • Record value: cname value for the new CDN resource, available in the management console on the CDN resource page (e.g., 328938ed********.a.yccdn.cloud.yandex.net).

If you delegated your website’s domain to Yandex Cloud DNS, follow this tutorial to update the CNAME record. Otherwise, use your DNS provider's guides or contact their support.

Delete the third-party CDN

Once you have confirmed the original CDN resource from your third-party CDN provider is no longer sending outbound traffic, delete it. To do this, use the third-party DNS provider's guides or contact their support.

Add an additional domain to the CDN resource in Cloud CDN

Once you have deleted the third-party CDN resource that was using the original CDN subdomain, you can add that subdomain as an additional domain to your new Cloud CDN resource. To do this:

  1. In the management console, select the folder with your CDN resource.
  2. From the list of services, select Cloud CDN.
  3. In the line with the CDN resource you created earlier, click and select Edit.
  4. Under Domain names for content distribution, click Add domain name and then, in the field that appears, enter the domain name the old CDN resource used, e.g., cdn.example.com.
  5. Click Save.

  1. Run this command:

    yc cdn resource update <CDN_resource_ID> \
  --secondary-hostnames '<old_CDN_subdomain>'

    Where:

    • <CDN_resource_ID>: Cloud CDN resource ID you saved earlier.
    • --secondary-hostnames: Domain name that became available after deleting the third-party CDN resource, e.g., cdn.example.com.

    Warning

    This command will delete all additional domains previously linked to the CDN resource.

    To link an additional domain to a CDN resource that already has additional domains linked, list the domains in the --secondary-hostnames parameter while separating them with commas.

    Result
    id: bc845trezddi********
folder_id: b1gt6g8ht345********
cname: cdn-new.example.com
created_at: "2025-01-25T21:47:21.181871Z"
updated_at: "2025-02-10T17:10:37.511453Z"
active: true
options:
  edge_cache_settings:
    enabled: true
    default_value: "345600"
  query_params_options:
    ignore_query_string:
      enabled: true
      value: true
  stale:
    enabled: true
    value:
      - error
      - updating
  ignore_cookie:
    enabled: true
secondary_hostnames:
  - cdn.example.com
origin_group_id: "350569"
origin_group_name: Origins for cdn-new.example.com (301532)
origin_protocol: HTTP
ssl_certificate:
  type: CM
  status: READY

    For more information about the yc cdn resource update command, see the CLI reference.

Updating the CDN resource settings may take up to 15 minutes. After that, your new CDN resource will be accessible via both domain names, i.e., cdn-new.example.com and cdn.example.com.

See also

Previous
Terraform
Next
Setting up static website hosting in a Yandex Object Storage bucket with Yandex Cloud CDN access