Setting up free TLS
Last updated 2021-09-30
Customers can use our free TLS option to add TLS to a website or application using a shared Fastly domain (e.g.,
Free TLS uses a shared domain name and does not support use with your own domain name (
www.example.com). If you want to use your own domain, you can upgrade to a paid account and use Fastly TLS to add up to five domains for free on dedicated managed certificates.
Before you begin
Before you begin setting up free TLS, understand the following:
- Free TLS uses a shared domain name and does not support use with your own domain name (
www.example.com). Customers typically use the free TLS hostname in links directly to assets (e.g., linking to
https://example.global.ssl.fastly.net/example.jpg) or for testing purposes.
- You cannot DNS alias your own domain to the shared domain. If you do, a TLS name mismatch warning will appear in the browser.
- When using free TLS, all traffic is routed through Fastly's entire global network.
If you want to use your own domain or have the ability to route traffic through specific POPs, use another TLS service option.
Setting up free TLS for the first time
Follow the steps below to set up free TLS:
- Log in to the Fastly web interface.
- From the All services page, select the appropriate service. You can use the search box to search by ID, name, or domain.
- Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
Click the Create domain button. The domain creation controls appear.
- Fill out the domain creation fields as follows:
- In the Domain name field, enter
<name>with a single word that claims the domain you're creating. You can't use a dot-separated name (e.g.,
www.example.org.global.ssl.fastly.net) because TLS certificates don't support nesting. If the name you choose has already been claimed, you will need to pick a different one.
- In the Comment field, enter a human-readable name for the domain. This name appears in the Fastly web interface.
- In the Domain name field, enter
- Click the Create button to save the domain. The new domain appears in the list of domains.
- Click the Activate button to deploy your configuration changes.
Once you've set up free TLS, you'll be able to access your host domain via the
https://<name>.global.ssl.fastly.net/ URL. You won't need to add CNAME records to use the shared domain certificate.
Support for HTTP/2, IPv6, and TLS 1.2
<name>.global.ssl.fastly.net domain name currently supports the HTTP/1.x protocols and IPv4 network addresses on Fastly's free shared domain TLS wildcard certificate. TLS 1.0, 1.1, and 1.2 are all supported.
To test HTTP/2, you can use
<name>.freetls.fastly.net, which is automatically made available for all Fastly free TLS services. For example, if you used
example.global.ssl.fastly.net during setup, Fastly automatically created
example.freetls.fastly.net with support for HTTP/2 and HTTP/1.1, as well as support for IPv6 and IPv4 network addresses. Names ending in
.freetls.fastly.net require TLS 1.2.
As noted in the previous section, you can't use a dot-separated name (e.g.,
www.example.org.freetls.fastly.net) because TLS certificates don't support nesting. If you experience problems testing your domain name with
freetls.fastly.net, verify that
<name>.freetls.fastly.net is a single word that doesn't contain dots.