TLS certificate errors
Last updated June 30, 2016
"Your connection is not private"
If you've recently started testing Fastly services, you may see errors like the following:
These errors appear because your domain has not been provisioned with TLS across the Fastly network. We offer a number TLS options that may work for you. Contact firstname.lastname@example.org to begin the provisioning process.
If you don't want to use TLS for your site, set the CNAME DNS record for your domain to point to
global-nossl.fastly.net. This network endpoint only accepts requests over port 80, and will not expose your users to these certificate errors.
Errors when using Wget
When connecting to a Fastly service using Wget, you may see errors along the lines of
ERROR: Certificate verification error for mysite.example.com: unable to get local issuer certificate ERROR: certificate common name `*.a.ssl.fastly.net' doesn't match requested host name `mysite.example.com'. To connect to mysite.example.com insecurely, use `--no-check-certificate'. Unable to establish TLS connection.
Checking with a browser or cURL will show that there really is no problem, however. The errors appear because a previous version of Wget (wget-1.12-2.fc13) that shipped with some versions of Red Hat Enterprise Linux (RHEL) was buggy and failed to check Subject Alternative Names (SAN) properly.
Upgrading Wget will correct this problem and eliminate the errors. For more information you can read this Red Hat bug report or this Debian one. For more information about TLS-related issues, see our TLS guides or contact email@example.com with questions.
Back to Top