TLS Subscriptions

The TLS subscriptions API allows you to programmatically generate TLS certificates that are procured and renewed by Fastly. Once a subscription is created for a given hostname or wildcard domain, DNS records are checked to ensure that the domain on the subscription is owned by the subscription creator. Provided DNS records are maintained, TLS certificates will automatically renew. If Fastly is unable to issue a certificate, we will retry to issue the certificate for 7 days past subscription creation or the latest certificate's not_after date, whichever is later. If after 7 days Fastly is unable to issue a certificate, the subscription state will change to failed and Fastly will stop retrying.

Data model

The common name associated with the subscription generated by Fastly TLS. Optional. If you do not pass a common name on create, we will default to the first TLS domain included. If provided, the domain chosen as the common name must be included in TLS domains.

common_nameobject
tls_certificatesobject
tls_configurationobject
tls_domainsobject
certificate_authoritystringThe entity that issues and certifies the TLS certificates for your subscription, either certainly, lets-encrypt, or globalsign. To migrate the subscription from one certificate authority to another, such as to migrate from 'lets-encrypt' to 'certainly', pass certificate_authority to the PATCH endpoint. To migrate from 'globalsign' to 'certainly', contact Fastly Support.
relationships.common_name.idstringThe domain name.
relationships.tls_certificates.idstringAlphanumeric string identifying a TLS certificate.
relationships.tls_configuration.idstringAlphanumeric string identifying a TLS configuration.
relationships.tls_domains.idstringThe domain name.
typestringResource type. [Default tls_subscription]
created_atstringDate and time in ISO 8601 format. Read-only.
deleted_atstringDate and time in ISO 8601 format. Read-only.
has_active_orderbooleanSubscription has an active order.
idstringAlphanumeric string identifying a TLS subscription. Read-only.
statestringThe current state of your subscription.
updated_atstringDate and time in ISO 8601 format. Read-only.

Endpoints

List TLS subscriptions

GET/tls/subscriptions

Create a TLS subscription

POST/tls/subscriptions

Get a TLS subscription

GET/tls/subscriptions/tls_subscription_id

Delete a TLS subscription

DELETE/tls/subscriptions/tls_subscription_id

Update a TLS subscription

PATCH/tls/subscriptions/tls_subscription_id

Creates a GlobalSign email challenge

POST/tls/subscriptions/tls_subscription_id/authorizations/tls_authorization_id/globalsign_email_challenges

Delete a GlobalSign email challenge

DELETE/tls/subscriptions/tls_subscription_id/authorizations/tls_authorization_id/globalsign_email_challenges/globalsign_email_challenge_id