TLS certificate errors
Last updated 2018-10-03
"Your connection is not private"
If you've recently started testing Fastly services, you may see errors like the following:
These errors appear because your domain has not been provisioned with TLS across the Fastly network. We offer a number TLS options that may work for you. Contact support to begin the provisioning process.
If you don't want to use TLS for your site, set the CNAME DNS record for your domain to point to global-nossl.fastly.net. This network endpoint only accepts requests over port 80, and will not expose your users to these certificate errors.
Errors when using Wget
When connecting to a Fastly service using Wget, you may see errors along the lines of
1ERROR: Certificate verification error for mysite.example.com: unable to get local issuer certificate2ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `mysite.example.com'.3To connect to mysite.example.com insecurely, use `--no-check-certificate'.4Unable to establish TLS connection.Checking with a browser or curl will show that there really is no problem, however. The errors appear because a previous version of Wget (wget-1.12-2.fc13) that shipped with some versions of Red Hat Enterprise Linux (RHEL) was buggy and failed to check Subject Alternative Names (SAN) properly.
Upgrading Wget will correct this problem and eliminate the errors. For more information you can read this Red Hat bug report or this Debian one.
Do not use this form to send sensitive information. If you need assistance, contact support.