TLS certificate errors
Last updated 2018-10-03
If you've recently started testing Fastly services, you may see errors like the following:
These errors appear because your domain has not been provisioned with TLS across the Fastly network. We offer a number TLS options that may work for you. Contact support to begin the provisioning process.
If you don't want to use TLS for your site, set the CNAME DNS record for your domain to point to
global-nossl.fastly.net. This network endpoint only accepts requests over port 80, and will not expose your users to these certificate errors.
When connecting to a Fastly service using Wget, you may see errors along the lines of
1ERROR: Certificate verification error for mysite.example.com: unable to get local issuer certificate2ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `mysite.example.com'.3To connect to mysite.example.com insecurely, use `--no-check-certificate'.4Unable to establish TLS connection.
Checking with a browser or curl will show that there really is no problem, however. The errors appear because a previous version of Wget (wget-1.12-2.fc13) that shipped with some versions of Red Hat Enterprise Linux (RHEL) was buggy and failed to check Subject Alternative Names (SAN) properly.