Certificate Expired

Hi,

I moved to Fly.io ~3 months ago from Heroku and was shocked to see my certificate expired without any warnings from fly.io. Unfortunately, when I was first alerted about the website being down, I thought it was a transient error and as a result I had about ~6 hours of downtime.

I had to delete the old certificate, create a new one, and then configure my DNS settings with the new certificate settings. The new certificate only lasts for 3 months as well.

Questions

  • Why didn’t Fly.io warn me that my website would be down?
  • Why are certificates only valid for 3 months?
  • Is there an auto-renew feature or do I have to log into fly.io every 90 days to renew the certificate?

We auto renew certs if we can. 90 days is normal, we start trying to renew them at 60 days.

Do you remember how you had this configured before? If you’re using DNS validation, you need to leave the CNAME entry in place so we can keep renewing.

I had this issue too this morning. Pretty unacceptable that we don’t at least get an email notification alerting us of any errors when it tries to renew at 60 days.

@tom-turner

I switched to the wildcard domains (instead of a cert for each subdomain) and Fly.io has successfully auto-renewed since. But yep, super annoying to be offline for hours over a known problem.

The main reason we see for failing to auto-renew domains is when the certificate is set up with A/AAAA records, and then those records are changed afterwards - typically when using Cloudflare.
We do support acme-challenge records for single-domain as well as wildcard certificates, but we could do a better job of showing that in the UI.


This just happened to me.
I checked my emails and I didn’t see any alerts regarding renewal failure, and my app was basically down for a while.

Could we at least get some kind of indication that it failed so I can take action on it?
Especially if it needs manual intervention.

I also ran into this issue; both my certificates are expired while the CNAME _acme-challenge is up.
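An external expiry check of the kind several posts above ask for, as an added example that is not part of the thread and is not Fly.io code. It assumes "renew at 60 days" means 60 days after issuance, and the one-week grace period, the function names and the `app.example.com` host are hypothetical.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

# Assumptions (not Fly.io settings): renewal is first attempted once the
# certificate is 60 days old, and a week of retries is allowed before alerting.
RENEW_AFTER = timedelta(days=60)
GRACE = timedelta(days=7)


def parse_cert_time(value):
    """Convert an OpenSSL-style time ('Jan  1 00:00:00 2024 GMT') to aware UTC."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def classify(not_before, not_after, now):
    """Return (status, whole days until expiry) for one certificate."""
    days_left = (not_after - now).days
    if now >= not_after:
        return "expired", days_left
    if now - not_before > RENEW_AFTER + GRACE:
        # Still valid, but a renewed certificate should have replaced it by now.
        return "renewal-overdue", days_left
    return "ok", days_left


def check_host(host, port=443, timeout=5.0):
    """Fetch the live certificate and classify it; needs network access."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # An already-expired (or otherwise untrusted) certificate fails the
        # handshake, so report it instead of crashing the monitor.
        return "invalid", exc.verify_message
    now = datetime.now(timezone.utc)
    return classify(parse_cert_time(cert["notBefore"]),
                    parse_cert_time(cert["notAfter"]), now)


if __name__ == "__main__":
    # Usage: python cert_check.py app.example.com  (exit code 1 means alert)
    status, detail = check_host(sys.argv[1])
    print(f"{sys.argv[1]}: {status} ({detail})")
    sys.exit(0 if status == "ok" else 1)
```

Run from a daily scheduled job and alert on a non-zero exit code; a `renewal-overdue` result leaves roughly three weeks to fix the DNS records before visitors see an error.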