Can't create cert for domain + subdomain

Hi,

TL;DR

When I attempt to create a cert using flyctl certs create my-subdomain.my-domain.com the cert gets stuck in “Awaiting configuration” (so far for about ~1 hour).

Details

I’m attempting to point my-subdomain.my-domain.com at my-fly-app.fly.dev (fictional names here :wink:). I’m using Cloudflare to manage DNS. I created a DNS record “CNAME my-subdomain my-fly-app.fly.dev” under my-domain.com in Cloudflare. I then ran flyctl certs create my-subdomain.my-domain.com (I need the cert because I have strict end-to-end encryption turned on in Cloudflare). The output included a list of warnings (“A Record does not match app’s IP”, “AAAA Record does not match app’s IP”, “Address resolution does not match app’s IP”) followed by instructions to set up the CNAME that I already created. Fly shows the cert in the “Awaiting configuration” state seemingly indefinitely.

What I’ve tried

I’ve tried 1) removing and re-creating the cert 2) re-running Fly’s checks against the cert 3) adding the _acme-challenge verification CNAME 4) using A and AAAA records instead of the CNAME 5) waiting and repeating steps 1-4 in various sequences both from the CLI and the UI :sweat_smile:. Interestingly enough, I was able to get through to the “Awaiting certificates” state fairly quickly (5 mins) by requesting a wildcard certificate (*.my-domain.com) instead of a certificate for a specific subdomain. I don’t need the wildcard certificate though, and it feels weird to have it because although I will be using 2-3 subdomains, each subdomain will point to a different app (so each app would have to have its own redundant wildcard cert).

Any ideas? Thanks in advance!

Cloudflare proxies CNAMEs by default, I think. Will you see if the proxy is enabled and turn it off if it is?

Ha fixed, thank you!! I did not realize that icon was clickable :sweat_smile:.

It’s a total dark pattern. I hate it.
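
An added example, not part of the original thread and not Fly's or Cloudflare's own code: a small check for the proxy diagnosis above. With the proxy on, public DNS answers with Cloudflare edge addresses instead of the CNAME, which is consistent with the "does not match app's IP" warnings. The helper names, the app IPs (documentation ranges) and the sample answers are constructed assumptions, and the Cloudflare ranges are a subset of the published list.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges (cloudflare.com/ips); assumed
# current here, refresh from that list before relying on the result.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15", "198.41.128.0/17",
    "2606:4700::/32", "2400:cb00::/32", "2a06:98c0::/29")]

def is_cloudflare(addr):
    """True if addr (string) falls inside one of the listed Cloudflare ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in CLOUDFLARE_NETS)

def diagnose(expected_cname, cname_answers, address_answers, app_ips):
    """Classify resolver answers for a custom hostname (hypothetical helper).

    cname_answers / address_answers are what e.g. `dig +short CNAME host`
    and `dig +short A host` / `AAAA host` printed, passed in as lists.
    """
    norm = lambda name: name.rstrip(".").lower()
    addrs = {ipaddress.ip_address(a) for a in address_answers}
    app = {ipaddress.ip_address(a) for a in app_ips}
    if any(norm(c) == norm(expected_cname) for c in cname_answers):
        return "ok: CNAME to the app is visible in public DNS"
    if addrs and addrs <= app:
        return "ok: A/AAAA records match the app's IPs"
    if any(is_cloudflare(str(a)) for a in addrs):
        return "proxied: answers are Cloudflare edge IPs, switch record to DNS only"
    if not addrs and not cname_answers:
        return "missing: no CNAME, A or AAAA record found"
    return "mismatch: records point somewhere other than the app"

# Constructed sample data: documentation-range addresses stand in for the app.
APP_IPS = ["203.0.113.10", "2001:db8::10"]
SAMPLES = {
    "proxy on": ([], ["104.21.0.1", "172.67.1.1", "2606:4700:3030::1"]),
    "proxy off": (["my-fly-app.fly.dev."], []),
    "A/AAAA set": ([], ["203.0.113.10", "2001:db8::10"]),
    "stale A": ([], ["198.51.100.7"]),
}

if __name__ == "__main__":
    for label, (cnames, addrs) in SAMPLES.items():
        print(f"{label:11} ->", diagnose("my-fly-app.fly.dev", cnames, addrs, APP_IPS))
```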