TLS Subscriptions

The TLS subscriptions API allows you to programmatically generate TLS certificates that are procured and renewed by Fastly. Once a subscription is created for a given hostname or wildcard domain, DNS records are checked to ensure that the domain on the subscription is owned by the subscription creator. Provided DNS records are maintained, TLS certificates will automatically renew. If Fastly is unable to issue a certificate, we will retry to issue the certificate for 7 days past subscription creation or the latest certificate's not_after date, whichever is later. If after 7 days Fastly is unable to issue a certificate, the subscription state will change to failed and Fastly will stop retrying.

Data model

The common name associated with the subscription generated by Fastly TLS. Optional. If you do not pass a common name on create, we will default to the first TLS domain included. If provided, the domain chosen as the common name must be included in TLS domains.

certificate_authoritystringThe entity that issues and certifies the TLS certificates for your subscription, either certainly, lets-encrypt, or globalsign. To migrate the subscription from one certificate authority to another, such as to migrate from 'lets-encrypt' to 'certainly', pass certificate_authority to the PATCH endpoint. To migrate from 'globalsign' to 'certainly', contact Fastly Support.
relationships.common_name.idstringThe domain name.
relationships.tls_certificates.idstringAlphanumeric string identifying a TLS certificate.
relationships.tls_configuration.idstringAlphanumeric string identifying a TLS configuration.
relationships.tls_domains.idstringThe domain name.
typestringResource type. [Default tls_subscription]
created_atstringDate and time in ISO 8601 format. Read-only.
deleted_atstringDate and time in ISO 8601 format. Read-only.
has_active_orderbooleanSubscription has an active order.
idstringAlphanumeric string identifying a TLS subscription. Read-only.
statestringThe current state of your subscription.
updated_atstringDate and time in ISO 8601 format. Read-only.


List TLS subscriptions


Create a TLS subscription


Get a TLS subscription


Delete a TLS subscription


Update a TLS subscription


Creates a GlobalSign email challenge


Delete a GlobalSign email challenge