Setting up TLS on a shared Fastly domain

Customers can use a shared Fastly domain (e.g., your-name.global.ssl.fastly.net) to add TLS to a website or application for free.

TIP

This method for setting up TLS uses a shared domain name and does not support use with your own domain name (www.example.com). If you want to use your own domain, use Fastly-managed certificates to secure two domains for free or upgrade to a paid account to secure additional domains or to upload a self-managed certificate. Explore all Fastly TLS options on our product page.

Before you begin

Before you begin setting up TLS on a shared Fastly domain, understand the following:

  • This method for setting up TLS uses a shared domain name and does not support use with your own domain name (www.example.com). Customers typically use this TLS method in links directly to assets (e.g., linking to https://example.global.ssl.fastly.net/example.jpg) or for testing purposes.
  • You cannot DNS alias your own domain to the shared domain. If you do, a TLS name mismatch warning will appear in the browser.
  • When using this TLS method, all traffic is routed through Fastly's entire global network.

If you want to use your own domain or have the ability to route traffic through specific POPs, use another TLS service option.

Setting up TLS on a shared Fastly domain for the first time

Follow the steps below to set up TLS on a shared Fastly domain:

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain. You can also click Compute services or CDN services to access a list of services by type.
  3. Click Edit configuration and then select the option to clone the active version.
  4. Click Create domain.

    the Create a domain page set up with TLS to Fastly's shared cert

  5. Fill out the domain creation fields as follows:

    • In the Domain name field, enter <name>.global.ssl.fastly.net, replacing <name> with a single word that claims the domain you're creating. You can't use a dot-separated name (e.g., www.example.org.global.ssl.fastly.net) because TLS certificates don't support nesting. If the name you choose has already been claimed, you will need to pick a different one.
    • In the Comment field, enter a human-readable name for the domain. This name appears in the Fastly web interface.
  6. Click Create to save the domain. The new domain appears in the list of domains.

  7. Click Activate to deploy your configuration changes.

Once you've set up TLS, you'll be able to access your host domain via the https://<name>.global.ssl.fastly.net/ URL. You won't need to add CNAME records to use the shared domain certificate.

Support for HTTP/2, IPv6, and TLS 1.2

Your <name>.global.ssl.fastly.net domain name currently supports the HTTP/1.x protocols and IPv4 network addresses on Fastly's free shared domain TLS wildcard certificate. TLS 1.0, 1.1, and 1.2 are all supported.

To test HTTP/2, you can use <name>.freetls.fastly.net, which is automatically made available for all Fastly TLS services using the shared domain. For example, if you used example.global.ssl.fastly.net during setup, Fastly automatically created example.freetls.fastly.net with support for HTTP/2 and HTTP/1.1, as well as support for IPv6 and IPv4 network addresses. Names ending in .freetls.fastly.net require TLS 1.2.

NOTE

As noted in the previous section, you can't use a dot-separated name (e.g., www.example.org.freetls.fastly.net) because TLS certificates don't support nesting. If you experience problems testing your domain name with freetls.fastly.net, verify that <name> in <name>.freetls.fastly.net is a single word that doesn't contain dots.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.