Spaces Object Storage is an S3-compatible object storage service. Spaces buckets let you store and serve large amounts of data, and the built-in CDN minimizes page load times and improves performance.
After you enable the Spaces CDN, the CDN’s edge servers begin caching and serving the contents of the Spaces bucket from the default CDN endpoint, <spacename>.<region>.cdn.digitaloceanspaces.com
. Optionally, you can also configure a secure subdomain you own as an alternative endpoint, like images.example.com
.
For security, any subdomain you use with the Spaces CDN must have an SSL certificate. When you configure a custom endpoint, you can either create a new certificate during setup, upload an existing certificate during setup, or choose a certificate that is already uploaded to your DigitalOcean account.
You can add a custom subdomain to the Spaces CDN either when you create a new bucket with the CDN enabled or in an existing Space’s CDN settings.
The Spaces creation page and existing buckets’ Settings pages have the same CDN (Content Delivery Network) section. In this section, the Use a custom subdomain pull-down menu lists any subdomain SSL certificates already uploaded to your account.
If you already have a certificate for the subdomain you want to use, select it from the menu and click Save to finish configuring the custom endpoint. We automatically create a CNAME record for it if necessary and start serving content from that subdomain.
If you don’t already have a certificate uploaded for the subdomain you want to use, click the +Add a new subdomain certificate option. This opens a window that gives you two options:
Use Let’s Encrypt. If you manage your domain’s DNS with DigitalOcean, you can create a free, fully managed SSL certificate with our Let’s Encrypt integration. This option requires the least amount of manual setup.
Bring your own certificate. If you host your domain’s DNS with a provider other than DigitalOcean, you can manually create and upload a certificate. This option is best if you don’t want to use DigitalOcean to manage your DNS, if you want to generate your own certificate, or if you want to upload an existing certificate.
After you click the Use Let’s Encrypt tab, select the domain you want to use. When you do, the Which subdomain would you like to use with this Space? option appears. You can select an existing subdomain or choose a new one.
Enter a name for the certificate, then click Generate Certificate and Use Subdomain. This automatically creates the necessary CNAME for the subdomain and verifies the SSL certificate. When your subdomain is ready to use, which typically takes a few seconds, you will receive a notification in the control panel.
After you click the Bring your own certificate tab, the window displays several fields for you to upload your certificate.
Enter the name, certificate, private key, and certificate chain in the respective fields, then click Add Certificate and Use Subdomain.
Where you can find this information depends on where and how you generated your key. For example, if you manually created a key with Certbot, your keys and certificates are typically in /etc/letsencrypt/live
.
Finally, using your DNS management provider, add a CNAME record pointing from the subdomain to the default CDN endpoint to start serving content from the custom subdomain.
From the bucket’s Settings page, in the CDN (Content Delivery Network) section, open the pull-down menu with the current subdomain.
To switch subdomains, you can choose another certificate or add a new subdomain certificate here.
To remove the subdomain entirely and serve content only from the default CDN endpoint, click Remove Custom Subdomain, then click Save. In the window that opens, confirm the removal by typing the name of the subdomain and clicking Remove subdomain.