Problem description

After using Alibaba Cloud CDN or Dynamic Route for CDN, HTTP access to resources is normal, but resources cannot be accessed over HTTPS.

Cause

The reasons why you cannot access resources through HTTPS after using Alibaba Cloud CDN or Dynamic Route for CDN are as follows:

  • HTTPS Secure CDN is not enabled.
  • Issues such as HTTPS certificate expiration, format errors, and mismatch.
  • Too many redirects.

Solutions

Alibaba Cloud CDN and Dynamic Route for CDN support the HTTPS acceleration service. You can enable HTTPS Secure CDN to implement HTTPS encryption for requests between clients and CDN nodes to ensure Data Transmission Service security. If you cannot access resources over HTTPS after you use Alibaba Cloud Content Delivery Network acceleration, see the following operations for troubleshooting:

  1. Check whether HTTPS is enabled for the domain name used for Alibaba Cloud Content Delivery Network acceleration.
    1. Log on to the Alibaba Cloud Content Delivery Network console.
    2. In the left-side navigation pane, click Domain Names.
    3. On the Domain Names page, find the target domain name and click Manage.
    4. In the left-side navigation pane of the specified domain name, click HTTPS Configuration.
    5. In the HTTPS Certificate section, click Modify.
    6. On the HTTPS Settings page, check whether HTTPS Secure CDN is enabled.
      • If this feature is not enabled, see Configure an HTTPS certificate. Configure an HTTPS Secure CDN for this domain name.
      • If enabled, proceed to the next step.
  2. Check whether the HTTPS certificate expires.
    1. Log on to the SSL Certificates Service management console.
    2. Find the HTTPS certificate that is bound to the streaming domain and check whether the certificate expires.
  3. Check whether the streaming domain is bound to the HTTPS certificate.
    1. Log on to the SSL Certificates Service management console.
    2. Find the certificate and check whether the certificate domain name is the same as the live domain name. If not, upload the certificate corresponding to the live domain name again.
      Note: The certificate update takes effect within one hour.
  4. Check whether the format of the HTTPS certificate is valid.
    Note: Only certificates that can be read by Nginx, that is, certificates in the PEM format, are supported. Check whether the certificate format is correct.
    1. Log on to the SSL Certificates Service management console.
    2. Find the HTTPS certificate that is bound to the streaming domain and download the NGINX certificate package, which contains a .pem file and a .key file.
    3. Log on to the Alibaba Cloud Content Delivery Network console, turn on the HTTPS configuration of the corresponding domain name, and check whether the certificate content is consistent.

Related documents

Applicable scope

  • CDN
  • Dynamic Route for CDN (DCDN)