LOG IN SIGN UP
Documentation

Managing domains on TLS certificates

  Last updated March 23, 2018

The Fastly web interface allows you to add and manage domains on one of Fastly's shared TLS certificates. For example, to serve HTTPS traffic for a single website you can add a single domain like www.example.com. However, if you add a wildcard domain, like *.example.com, you will be able to serve HTTPS traffic on any related subdomain, like api.example.com and docs.example.com.

Before you begin

Be sure you understand your TLS options:

Also, when you are managing your TLS domains, keep the following in mind:

Creating a TLS domain

To create a TLS domain, follow these steps:

  1. Log in to the Fastly web interface and click the Account link from the user menu. Your account information appears.
  2. Click the Transport Layer Security link. The Transport Layer Security page appears.

    the transport layer security controls with the default domain area shown and highlighted in the navigation

  3. In the Domains area, click the Create TLS Domain button. A billing increase notification appears.

    a notification warning customers that adding a TLS domain may result in additional charges to their account

  4. Click Proceed. The Create TLS domain page appears.

    the create TLS domain controls

  5. Fill out the Create TLS domain form as follows:

    • In the Domain name field, type the fully qualified domain name to be added to the selected TLS certificate (e.g., www.example.com or *.example.com).
    • If the Certificate menu appears, select the certificate on which to create the domain. This menu only appears if you've previously arranged for Fastly to procure a certificate on your behalf.
    • From the Verification option controls, select the method you prefer to use for domain ownership verification. The DNS verification method will be used by default unless you select another option.
  6. Click the Create button. The request is sent to Fastly for creation and appears as a row in a table in the Domains area of the Transport Layer Security page.

Verifying domain ownership

Any time you request addition of a domain to a certificate, you must verify you own the domain. This helps us ensure no one else is using your domain without your permission. To verify domain ownership, follow these steps:

  1. On the Transport Layer Security page, look in the Domains list for the TLS domain name you created and review the State.

    an example TLS domain request in the Domains area of the TLS controls page

  2. When the State changes to Verification required (usually only a few minutes after Fastly receives your request), click the Verify link. The Verify TLS domain window appears.

    the verify TLS domain window showing the www.example.com verification for example.com via DNS TXT record

  3. Depending on the verification method you selected, do one of the following:
    • Verify the domain via DNS. You'll need to validate domain ownership by adding a DNS TXT record for your domain with your DNS provider.
    • Verify the domain via email. You'll need to validate domain ownership by clicking the link that GlobalSign emails to the contact you've designated for your domain's WHOIS records.
    • Verify the domain via URL. You'll need to validate domain ownership by uploading a text file to a specifically named web page served at the domain you're adding.
  4. Click the Verify button after you've completed the domain verification steps. This is Fastly's cue to add your domain to the certificate.

Within a few minutes of verification, you'll see the State change to Issued. This means the domain has begun propagating throughout Fastly's cache nodes and you're ready to connect a service. Within 60 minutes, the domain should be live and Fastly will begin the monthly billing process for these specific TLS certificate services.

Enabling TLS for your service

Once you've verified your domain ownership, you need to connect a service to your TLS domain. Follow these steps:

  1. On the Transport Layer Security page, look in the Domains list for the TLS domain name you verified and review the State.
  2. When the domain's State changes to Issued, click the DNS details link. The Domain details page appears.

    the TLS domain details page that appears when the DNS details link is clicked

  3. Use the information on the Domain details page to update the CNAME record or A Record for your domain with your DNS provider.

Deleting a TLS domain

To delete a TLS domain, follow these steps:

  1. Log in to the Fastly web interface and click the Account link from the user menu. Your account information appears.
  2. Click the Transport Layer Security link. The Transport Layer Security page appears.
  3. In the Domains area, find the domain to be deleted and click the Delete link that appears to the right of the domain name on the same line. The deletion confirmation window appears.
  4. In the Re-enter domain name field, type the domain name to be deleted.
  5. Click the Confirm and Delete button. The request to remove the domain from the SAN certificate will be sent. This is Fastly's cue to remove the domain from the certificate.
  6. Watch the State for the submitted domain. Once the domain's state changes to Removed, the domain has been removed from the certificate and Fastly will discontinue charging you for these specific TLS certificate services.

Understanding domain states

The State column on the Transport Layer Security page changes to reflect the current stage of processing for all domain requests.

State Description
Request initiated We've sent your domain request to our partner Certificate Authority.
Phishing check Our partner Certificate Authority is performing extra domain ownership verification on this request.
Verification required The domain request is complete. Your domain ownership verification is now required.
Verifying Your domain ownership verification is being confirmed by our partner Certificate Authority.
Email verification sent Our partner Certificate Authority has sent you a domain ownership verification email that requires action on your part.
Issuing The domain ownership verification was successful and now awaits final issuing before being added to your certificate.
Issued The domain was successfully added to the certificate. It may take up to 60 minutes to become active.
Removing Your request to remove a domain from a certificate is being processed.
Removed A domain was successfully removed from the certificate.

Back to Top