We've been making changes to how we organize and display our docs. Our work isn't done but we'd love your feedback.
Getting started
Basics
Domains & Origins
Performance

Configuration
Basics
Conditions
Dictionaries
Domains & Origins
Request settings
Cache settings
Headers
Responses
Performance
Custom VCL
Image optimization
Video

Security
Access Control Lists
Monitoring and testing
Securing communications
TLS
Web Application Firewall

Integrations
Logging endpoints
Non-Fastly services

Diagnostics
Streaming logs
Debugging techniques
Common errors

Account info
Account management
Billing
User access and control

Reference

    TLS certificate errors

      Last updated October 03, 2018

    "Your connection is not private"

    If you've recently started testing Fastly services, you may see errors like the following:

    TLS No Cert Error

    These errors appear because your domain has not been provisioned with TLS across the Fastly network. We offer a number TLS options that may work for you. Contact support@fastly.com to begin the provisioning process.

    If you don't want to use TLS for your site, set the CNAME DNS record for your domain to point to global-nossl.fastly.net. This network endpoint only accepts requests over port 80, and will not expose your users to these certificate errors.

    Errors when using Wget

    When connecting to a Fastly service using Wget, you may see errors along the lines of

    1
    2
    3
    4
    
    ERROR: Certificate verification error for mysite.example.com: unable to get local issuer certificate
    ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `mysite.example.com'.
    To connect to mysite.example.com insecurely, use `--no-check-certificate'.
    Unable to establish TLS connection.
    

    Checking with a browser or cURL will show that there really is no problem, however. The errors appear because a previous version of Wget (wget-1.12-2.fc13) that shipped with some versions of Red Hat Enterprise Linux (RHEL) was buggy and failed to check Subject Alternative Names (SAN) properly.

    Upgrading Wget will correct this problem and eliminate the errors. For more information you can read this Red Hat bug report or this Debian one.

    Back to Top