All Products
Search

This Product

    CDN:Origin fetch FAQ

    Document Center

    CDN:Origin fetch FAQ

    Last Updated:Mar 31, 2026

    Origin fetch is the process by which a point of presence (POP) retrieves resources from your origin server — either when a client requests content that isn't cached, or when you submit a prefetch task.

    Why do I get an HTTP 502 error after configuring origin fetch over HTTPS?

    Work through these checks in order:

    1. Verify DNS resolution. Confirm the domain name resolves correctly.

    2. Verify the origin server is reachable. Make sure the origin server is up and accepts connections.

    3. Verify the origin server supports HTTPS. Not all origin servers have HTTPS enabled.

    4. Configure SNI if the origin serves multiple domains. If the origin server's IP address is shared by multiple domain names, the server uses Server Name Indication (SNI) to select the correct SSL certificate. Without SNI configured, the server may return the wrong certificate and origin fetch fails. Configure SNI to specify which domain name the POP sends in the TLS handshake. The origin server then returns the matching SSL certificate.

    What does the Common Name whitelist verify?

    When a POP fetches content from your origin server, it validates the SSL certificate by comparing the SNI value in the request against the Common Name in the certificate returned by the origin. Origin fetch succeeds only if they match.

    By default, the SNI value equals the value of the Host header in the POP's origin fetch request, which is the accelerated domain name. This means the POP validates the certificate's Common Name against your accelerated domain name.

    How do I configure a custom port for origin fetch over HTTPS?

    1. Log on to the CDN console.

    2. In the left navigation pane, click Domain Names.

    3. On the Domain Names page, find the target domain name and click Manage in the Actions column.

    4. In the domain's navigation pane, click Origin Fetch.

    5. In the Origin Protocol Policy section, turn on Origin Protocol Policy.

    6. Click Modify.

    7. Configure custom ports based on your requirements.

    Does enabling HTTPS secure acceleration change the origin fetch protocol?

    No. The SSL certificate configured for HTTPS secure acceleration applies to the connection between clients and the POP. It has no effect on the connection between the POP and your origin server.

    The origin fetch protocol is determined by the port you specify when configuring the origin server. See Configure an origin server:

    • Port 443 → origin fetch over HTTPS

    • Port 80 or any other port → origin fetch over HTTP

    To control the origin fetch protocol independently of the port setting, follow the instructions in Configure the origin protocol policy.