Hello Fly community, I’m trying to follow SSL for Custom Domains · Fly Docs to set up a Fly app with certificates on a custom apex domain, acmedns.dev (no wildcard cert required). I’ve tried requesting certificates a couple times over the past 18 hours but no joy yet, so I’m hoping someone can see where I’ve missed a step.
The registrar is Porkbun, the authoritative nameservers are self-hosted (e.g. not Cloudflare, so I don’t think the records are being proxied), and GLUE records are in place.
Here’s the current report from flyctl certs show acmedns.dev:
The certificate for acmedns.dev has not been issued yet.
Hostname = acmedns.dev
DNS Provider = charlestonroadregistry
Certificate Authority = Let's Encrypt
Issued =
Added to App = 11 hours ago
Source = fly
You are creating a certificate for acmedns.dev
We are using lets_encrypt for this certificate.
You can direct traffic to acmedns.dev by:
1: Adding an A record to your DNS service which reads
A @ 168.220.89.5
You can validate your ownership of acmedns.dev by:
2: Adding an AAAA record to your DNS service which reads:
AAAA @ 2a09:8280:1::622d
OR
2: Adding an CNAME record to your DNS service which reads:
CNAME _acme-challenge.acmedns.dev => acmedns.dev.9r1wy.flydns.net.
I believe the records exist and resolve since I’m able to dig them from a couple different networks. Here’s what I’m seeing from one of them:
$ dig acmedns.dev A
...
acmedns.dev. 2710 IN A 168.220.89.5
...
$ dig acmedns.dev AAAA
...
acmedns.dev. 2711 IN AAAA 2a09:8280:1::622d
...
I initially had not added a CNAME record (seems like sometimes it can get in the way?), but after waiting several hours and not getting a certificate I deleted the custom domain, readded it, and included an _acme-challenge record just in case. It’s present now:
$ dig _acme-challenge.acmedns.dev CNAME
...
_acme-challenge.acmedns.dev. 1934 IN CNAME acmedns.dev.9r1wy.flydns.net.
...
The solution given in Awaiting Certificates - #4 by kurt is to make sure port 443 is being served, which I believe is the case. I get an error when using acmedns.dev as the Host but the Fly app name works (the 404 is expected since the process is listening but there’s no content to serve):
$ curl https://acmedns.dev/
curl: (35) error:0A000126:SSL routines::unexpected eof while reading
$ curl https://acmedns-dev-1.fly.dev/
404 page not found
Any ideas will be appreciated!
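
Added example (not part of the original post): a small shell check that compares dig answer lines with the records listed in the flyctl certs show report above. The helper name check_records and the sample answer lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare dig answers with the records flyctl asked for.

# Records from the `flyctl certs show acmedns.dev` report in the post,
# written as "name TYPE value" with "@" expanded to the apex name.
EXPECTED='acmedns.dev. A 168.220.89.5
acmedns.dev. AAAA 2a09:8280:1::622d
_acme-challenge.acmedns.dev. CNAME acmedns.dev.9r1wy.flydns.net.'

# Constructed sample answers (name ttl class type rdata), built from the dig
# output quoted in the post so the script runs offline.
SAMPLE_ANSWERS='acmedns.dev. 2710 IN A 168.220.89.5
acmedns.dev. 2711 IN AAAA 2a09:8280:1::622d
_acme-challenge.acmedns.dev. 1934 IN CNAME acmedns.dev.9r1wy.flydns.net.'

# check_records EXPECTED ANSWERS  (hypothetical helper name)
# Prints OK, MISMATCH or MISSING for each expected record and returns
# non-zero unless every expected record is present with the expected value.
check_records() {
  printf '%s\n' "$1" | ANSWERS="$2" awk '
    BEGIN {
      n = split(ENVIRON["ANSWERS"], lines, "\n")
      for (i = 1; i <= n; i++) {
        if (split(lines[i], f) < 5) continue      # skip comments and blanks
        key = tolower(f[1]) " " toupper(f[4])     # e.g. "acmedns.dev. A"
        seen[key] = seen[key] " " tolower(f[5])   # collect every rdata value
      }
    }
    NF >= 3 {
      key = tolower($1) " " toupper($2); want = tolower($3)
      if (!(key in seen)) { print "MISSING  " $0; bad = 1 }
      else if (index(seen[key] " ", " " want " ") == 0) {
        print "MISMATCH " $0 " (got" seen[key] ")"; bad = 1
      } else print "OK       " $0
    }
    END { exit bad + 0 }
  '
}

# Live use would pass: "$(dig +noall +answer acmedns.dev A)" and so on.
check_records "$EXPECTED" "$SAMPLE_ANSWERS"
```

Passing answers collected with `dig @<nameserver>` for each self-hosted authoritative server shows whether all of them return the same records.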