Can apps access certs generated by Fly on their behalf? Maybe exposed via secrets/env vars.
Not at this point, I don’t think we expose the certificate store the applications themselves. TLS termination happens on the Fly proxy layer, which would need access to all the application certificates running on Fly.
Let me check if there are any plans to expose an app’s or organisation’s certificates to itself, but I don’t think there’s a documented way to do it right now.
I would love a feature like this because I have to generate certs for a DNS over TLS server, and it would be easier to just re-use the ones that fly generates for me.
+1 here. It would probably reduce the amount of bug reports / confusion around gRPC, letting the apps terminate.