cert not being issued after 12h

kurt · January 6, 2023, 8:51pm

We updated the statuspage here: Fly.io Status - Routing issues for newly allocated IPv6 addresses

If you’re currently having cert errors, this is the most likely reason.

willfore · January 6, 2023, 9:00pm

The workaround from @timothypage worked for me as well.

znck · January 6, 2023, 10:18pm

Workaround worked for me too. Thanks.

jerome · January 6, 2023, 10:33pm

A fix has been rolled out. Sorry about all of that, there are more rough edges with shared IPs than we initially thought.

enj · January 15, 2023, 5:43pm

IPv6 routing appears to still be an issue. I had to remove the AAAA DNS records for my domain to get certificates issued.

kurt · January 15, 2023, 7:00pm

We actually won’t issue a cert at all unless there is an AAAA record. Can you give us some more details on the sequence here?

enj · January 15, 2023, 10:35pm

I am not 100% sure of the steps since I did not expect to run into issues

I think the order of events was:

I created the AAAA DNS record for the IPv6 address
Days later, I tried to have a certificate issued
The UI showed that verification was successful but no certs had been issued. The CLI noted that Your certificate for <domain> is being issued. Status is Awaiting certificates.
Nothing changed for hours
I added the CNAME for _acme-challenge and tried deleting and recreating the certificate
It got stuck in the same way (for over 12+ hours)
I deleted the AAAA record
I deleted and recreated the certificate a few more times (I waited ~15 mins in-between)
Eventually (~an hour later) the certificate was issued

Currently my domain does not have an AAAA record. Weirdly, the UI still shows that Fly thinks that I do have an AAAA record (I tried hitting Check again and nothing changes).

msrumon · January 17, 2023, 12:30pm

This one worked out for me.

cloudmall · February 6, 2024, 10:30am

Currently experiencing this same issue. Tried different stuffs, Nothing seems to be working

dill · May 1, 2024, 2:46am

Same issue, been waiting for nearly an hour on 2 projects that use totally different top level domains of mine.

justindotpub · May 14, 2024, 2:27pm

I’m experiencing this issue as well.

pavel · May 14, 2024, 2:51pm

Hey @justindotpub

You have a CAA record on your domain which doesn’t list letsencrypt.org. When CAA record is present, it needs to include letsencrypt.org, otherwise it won’t be able to issue a certificate.

justindotpub · May 14, 2024, 3:37pm

@pavel ah, fabulous. Thank you for pointing that out! For reference in case anyone else runs into this issue, I added the following to my existing CAA record.

0 issuewild "letsencrypt.org"
0 issue "letsencrypt.org"

Then I deleted and readded the certs, and they provisioned in less than 30 s each.

Topic		Replies	Views
certs not being issued	3	330	June 12, 2023
Certificate is not being issued Questions / Help	4	817	December 23, 2022
Certificate stuck at Awaiting certificates Questions / Help	37	2813	August 8, 2023
certificate not being issued Questions / Help certificates	3	389	January 3, 2024
Project on deadline and Certificate not being issued	2	195	June 13, 2023

cert not being issued after 12h

Related topics