Setting up free TLS

  Last updated April 20, 2017

Customers can use our free shared domain TLS wildcard certificate to test TLS websites or applications using a Fastly URL (e.g., https://<name>.global.ssl.fastly.net/).

Before you begin

Before you begin setting up free TLS, understand the following:

Setting up free TLS for the first time

Follow the steps below to set up free TLS:

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Configuration button and then select Clone active. The service version page appears.
  4. Click the Domains tab. The Domains page appears.
  5. Click the Create domain button. The Create a domain page appears.

    the Create a domain page set up with TLS to Fastly's shared cert

  6. Fill out the Create a new domain fields as follows:
    • In the Domain Name field, type <name>.global.ssl.fastly.net, where <name> is a single word that claims the domain you're creating. If the name has already been claimed, you will need to pick a different one.
    • In the Comment field, type a human-readable name for the domain. This name is displayed in the Fastly web interface.
  7. Click the Create button to save the domain. The new domain appears in the list of domains.
  8. Click the Activate button to deploy your configuration changes.

Once you've set up free TLS, you'll be able to access your host domain via the following URL:


You won't need to add CNAME records to use the shared domain certificate and your service configuration will automatically work with HTTP/2 (and HTTP/1.1) once you update your host domain to use the new DNS name.

Updating existing free TLS service to support HTTP/2

If your existing shared domain name uses our <name>.global.ssl.fastly.net map, you can continue to use it for HTTP1.1. If you want to use your HTTP/2-enabled map, then update your DNS to use <name>.freetls.fastly.net instead. The freetls.fastly.net domain is automatically created for you and you can continue to use the <name>.global.ssl.fastly.net syntax when claiming your domain in the web interface.

For example, if you originally claimed example.global.ssl.fastly.net during setup, you can continue to use it for HTTP1.1. Fastly automatically makes example.freetls.fastly.net available to you (no one else can claim it) with support for both HTTP/2 and HTTP/1.1. If you want to use it for HTTP/2, update your DNS to use example.freetls.fastly.net instead. Your existing example.global.ssl.fastly.net domain will still be available for use (though it will only support HTTP/1.1) and you'll still be able to test your domain via the URL https://example.global.ssl.fastly.net/.

Temporarily limiting free TLS service to HTTP/1.1

If you're not ready to use HTTP/2, you can temporarily limit support to just HTTP/1.1 by setting your domain name during setup to <name>.global.ssl.fastly.net until all free TLS shared domain traffic is switched exclusively to HTTP/2 (see our deprecation schedule for key dates).

Additional resources:

Back to Top