My domain feder.is is waiting certification too long. When I first deployed, certification was a matter of seconds. Then I changed some configurations and replaced the deployment. Now it says 11 hours. I tried reading other threads with similar problems, changing app name and replacing deployment again but futile. What did I miss?
~/feder % fly certs show feder.is
The certificate for feder.is has not been issued yet.
Hostname = feder.is
DNS Provider = isnic
Certificate Authority = Let's Encrypt
Added to App = 11 hours ago
Source = fly
Your certificate for feder.is is being issued. Status is Awaiting certificates. Make sure to create another certificate for www.feder.is when the current certificate is issued.
Wow I was tinkering WORKDIR in Dockerfile in the meantime to see if it’s related. And I thought I fixed it for a moment. But you fixed it manually right? I appreciate it.
It’s weird I never kept multiple certifications not to mention apps. I was replacing them frequently though. If is it wrong to request certification too frequently, some guide or rate-limiting would have been useful.
@jerome I may have the same issue as I’ve tried to “reboot” the certificate process and am still waiting for them to be issued. I have the check and AAAA records currently added to Cloudflare unproxied but it’s still just sitting waiting for issue. Can you advise if it can be fixed on your end or what I can do?
Unfortunately you seem to have hit a Let’s Encrypt limit here. Did you create a bunch of apps with the same hostnames? We reached the limit of 5 issues certificates per hostname in the last 7 days. Next time we can retry is in a while.
For now I’ve reassigned the already-issued certificates from your deleted app to your new app. I believe that works now.
Thank you Jerome! This will work for now. We had a problem rotating Rails’ secret where I couldn’t deploy the latest code because the secret didn’t match on the server and I couldn’t update the secret because then the app couldn’t boot I tried a bunch of things in the process which resulted in the multiple certificate requests.
I encountered the same problem. In fact, Fly.io does not clearly tell people that, in general, it is not necessary to add the CNAME of _acme. The DNS requirements on Dashbord are somewhat misleading. Instead, only A and AAAA records need to be created (for example.com), as well as, a CNMAE pointing to appname.fly.dev (for www.example.com). Remember, make sure to configure DNS correctly before creating the certificate, otherwise you will have to wait a long time to get it.