TLS certificate errors
Last updated 2018-10-03
"Your connection is not private"
If you've recently started testing Fastly services, you may see errors like the following:
These errors appear because your domain has not been provisioned with TLS across the Fastly network. We offer a number of TLS options that may work for you. Contact email@example.com to begin the provisioning process.
If you don't want to use TLS for your site, set the CNAME DNS record for your domain to point to global-nossl.fastly.net. This network endpoint only accepts requests over port 80, and will not expose your users to these certificate errors.
Errors when using Wget
When connecting to a Fastly service using Wget, you may see errors along the lines of:

ERROR: Certificate verification error for mysite.example.com: unable to get local issuer certificate
ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `mysite.example.com'.
To connect to mysite.example.com insecurely, use `--no-check-certificate'.
Unable to establish TLS connection.
Checking with a browser or curl will show that there really is no problem, however. The errors appear because a previous version of Wget (wget-1.12-2.fc13) that shipped with some versions of Red Hat Enterprise Linux (RHEL) was buggy and failed to check Subject Alternative Names (SAN) properly.
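The difference between a client that matches only the Common Name and one that honours Subject Alternative Names can be reproduced offline. The following is an added example, not code from Fastly or Wget: the function names are hypothetical, and the certificate is a constructed sample in which only the Common Name is taken from the error message above (the SAN list is an assumption).

```python
# Constructed certificate in the dict shape returned by ssl.SSLSocket.getpeercert().
# Only the commonName comes from the Wget error above; the SAN list is assumed.
CERT = {
    "subject": ((("commonName", "*.a.ssl.fastly.net"),),),
    "subjectAltName": (
        ("DNS", "*.a.ssl.fastly.net"),
        ("DNS", "mysite.example.com"),
    ),
}


def label_match(pattern, host):
    """Match one DNS name; '*' is accepted only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def dns_sans(cert):
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


def cn_only_check(cert, host):
    """Buggy behaviour: compare against the Common Name and ignore SAN entries."""
    return any(label_match(cn, host) for cn in common_names(cert))


def san_aware_check(cert, host):
    """RFC 6125 style: use dNSName SANs when present, fall back to CN only if none."""
    names = dns_sans(cert) or common_names(cert)
    return any(label_match(n, host) for n in names)


def diagnose(cert, host):
    """Separate a client-side SAN bug from a certificate that truly lacks the name."""
    if not san_aware_check(cert, host):
        return "real mismatch: no certificate name covers this host"
    if not cn_only_check(cert, host):
        return "client bug: valid via SAN, rejected by a CN-only client"
    return "ok"
```

A "real mismatch" result means the hostname is not on the certificate at all, which is a provisioning problem rather than a client bug, and disabling verification is not the fix in either case.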