Certificate is not being issued

Hi Fly.io team

I set up my website on Fly.io 3 months back and I used Cloudflare as the DNS. The certificate was issued 3 months ago but didn’t get renewed last week. I tried deleting the older one and creating a new certificate without any success as well. I had switched on Cloudflare DNS proxy, which might be the reason for the renewal to fail. I have switched the Cloudflare proxy off now, but I still can’t get the certificate to get issued.

Any clues as to what I am missing here?

Sadly yes: enabling the Cloudflare proxy would cause the re-validation to fail. And so the certificate would not get renewed, as its check would return a Cloudflare IP.

It seems there is an ongoing issue with certificates :thinking: e.g same issue:

Hopefully someone from Fly is investigating: @eli was responding in the other thread.

Hi Fly.io team (@greg) we are also experiencing issues with certificate registration.

I have forwarded the DNS screenshots to support@fly.io. The entry is showing as verified so the DNS seems correct, but the certificates are not generating after 30 minutes.

Hi @flowabl

I’m not actually part of the team however hopefully someone there will see this and get back to you. There is an open issue on https://status.flyio.net/ but that shouldn’t affect certificates :thinking:.

If the DNS entries they require are all present and verified, that’s strange. Not sure what else you can do, short of maybe trying requesting the certificate again to see if that gives it a push this morning.

The issue we had might’ve affected certificate issuance because Let’s Encrypt might attempt to check our challenge by connecting via IPv6 (they likely test both IPv4 and IPv6).

@flowabl This is now fixed. You trigger a manual check for us to issue a certificate via fly certs check yourhostname.com