SSL certificate for Spaces of Digitalocean not valid

Hello.
I created and downloaded an SSL certificate for a DigitalOcean Spaces to use as a CDN for my site with the following URL: media.mysite.com.

I tried to use this URL as a CDN (via a cdn key cdn plugin) but it sends me back an SSL error (Invalid CDN Hostname: cURL error 60: SSL certificate problem: unable to get local issuer certificate).
To confirm, I went to the sslchecker site and it actually tells me: "The certificate is not trusted in all web browsers. You may need to install an intermediate / chain certificate to link it to a trusted root certificate."

I have to admit that I don’t know what it means or how to fix it.

When I created an SSL certificate with Cloudflare on an address connected to the main domain, shouldn’t it be valid everywhere and on all browsers?

My main domain is with Cloudflare.

Thank you

Claudio

Assuming you are talking about an Origin certificate, then no, those are only recognised by the Cloudflare proxies and not trusted by browsers. Make sure your DNS record is proxied and it should work fine.
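Added example, not part of the thread: the trust failure described in the reply above, reproduced offline with constructed certificates and `openssl`. The throwaway CA `origin-ca` stands in for the CA that issues Origin certificates, `public-root` stands in for the roots a browser or cURL trusts, and `media.example.test` is a placeholder hostname; all three names are assumptions.

```shell
#!/bin/sh
# Constructed demo: a leaf issued by a private CA verifies only for clients
# that trust that CA. Every key and certificate here is generated on the spot.
set -u
work=$(mktemp -d)

# make_ca NAME: create a self-signed root certificate and key.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# issue_leaf CA HOST: issue a certificate for HOST signed by CA.
issue_leaf() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$2.key" -out "$work/$2.csr" 2>/dev/null
  openssl x509 -req -in "$work/$2.csr" -days 1 \
    -CA "$work/$1.pem" -CAkey "$work/$1.key" -CAcreateserial \
    -out "$work/$2.pem" 2>/dev/null
}

# trust_result STORE CERT: print "trusted" or OpenSSL's failure reason when
# CERT is verified by a client whose trust store is STORE.
trust_result() {
  out=$(openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" 2>&1) || true
  case "$out" in
    *"unable to get local issuer certificate"*)
      echo "unable to get local issuer certificate" ;;
    *": OK"*) echo "trusted" ;;
    *) echo "other: $out" ;;
  esac
}

make_ca origin-ca      # stand-in for the Origin certificate issuer (assumption)
make_ca public-root    # stand-in for a browser/cURL trust store (assumption)
issue_leaf origin-ca media.example.test

# A client that only knows public roots cannot find the leaf's issuer,
# which is the same reason cURL reports in its error 60.
echo "public trust store: $(trust_result public-root media.example.test)"
# A client configured to trust the issuing CA accepts the same certificate.
echo "origin CA trusted:  $(trust_result origin-ca media.example.test)"
```
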

Hello.
I have enabled the proxy for the “media” domain name which starts pointing to the spaces name.
Now instead of the previous error it gives me the following: Invalid CDN Hostname: media.mysite.org returned a 403 status code.

I got the certificate for free from Cloudflare especially for this purpose.
It is not a paid certificate.
Note that the nameservers are owned by Cloudflare.

Thanks for the instant reply!

A 403 won’t be SSL related but because of some configuration on your server, you’d need to check that.

What’s the domain?

Hello.
In reality, it should work because the certificate created on Cloudflare is of the Origin Server type which seems to be used in these specific cases between server and server.

Anyway, this should be the domain for CDN content: media.fuocofisso.org, and the linked website domain is obviously fuocofisso.org.

Thanks a lot for the availability

Claudio

What’s your encryption mode on Cloudflare right now?

As mentioned before, that 403 does come from your server and you need to fix this there.

When you talk about Server, do you mean the CDN server I would like to connect, or the website server?

Honestly, it seems that I have Universal on Cloudflare, and TLS on the perimeter (so I understand).

The server where media points to.

But still

"What’s your encryption mode on Cloudflare right now?"

If you’re asking me, I honestly don’t know what to answer. (I thought I answered you in the previous answer).

Post a screenshot of your SSL page then.


All right, yes, that’s the right one.

For starters, you should change your encryption mode to Full Strict, right now you have an insecure mode selected.

You’re referring to the first screenshot, right? I go from “Full” to “Strict”, is that right?

Absolutely, that’s the first change to secure your setup.

At this point the server issue appears to have been fixed as well and the site returns a 200.

sitemeer.com/#https://media.fuocofisso.org

If you are on Full Strict you should be good to go.

Yes. I have also checked on sslchecker and it no longer gives the previous error. What made the mistake go away? The fact that I went full house?

One more thing just to clarify the situation.

I created a CNAME record on Cloudflare DNS called “media” which points to the CDN server (not the site’s origin server but the DigitalOcean Spaces server).
I downloaded the perimeter certificate from Cloudflare and placed it in the dedicated space on the CDN for dedicated domain names.

A 404 shutter is now sending me back.

I don’t need to add any other records to the DNS on Cloudflare, right? It should work like this, or am I wrong?

You need to configure media in the way you were told to. If that’s a CNAME record, that’s all you should need. Right now it seems to load fine on HTTPS and if you are on Full Strict you should be set.

I am trying but the website loads it badly (not as it originally is).

That’s a different issue though and should be discussed in a separate thread, otherwise we mix too many topics.

Thank you!