Access to the raw TLS certs via the Fly API

Hi :wave: ,

The support for custom TLS certs is excellent.

One (obvious?) limitation is that it requires using the TLS middleware. For use cases where that isn’t possible or desired, would it be possible to have access to the certs directly via the API?

There are a few HTTP proxies (Caddy, Envoy, etc.) that support loading certs from disk/API/storage, and it’d be excellent to be able to query Fly’s vault for the certs based on the incoming request without having to interact with Let’s Encrypt directly.

The equivalent of flyctl certs get example.com would be dope :lock: :sparkles:

Please charge me for this :moneybag: :smiley:

2 Likes

That’s a good idea. We’ve made this harder to implement than you’d think because security. Our API/web layer can’t actually read private keys for certificates back out of vault, only the edge nodes can.

We’ve been thinking about exposing a private API over 6pn that could be a useful place to do something like this.