I’m trying to add two more certificates to my app for IPv4-only and IPv6-only hostnames.
Let’s assume I have a good reason to do this because the only control I have
over clients is the name they hit to.
While “v6” one succeed without any fuss, the “v4” one is still waiting for an issue.
I tried deleting it and adding again (hence the difference of 1 hour between them).
% flyctl certs show v6.bdd.fi -a bdd The certificate for v6.bdd.fi has been issued. Hostname = v6.bdd.fi DNS Provider = googledomains Certificate Authority = Let's Encrypt Issued = ecdsa,rsa Added to App = 5 hours ago Source = fly
% flyctl certs show v4.bdd.fi -a bdd The certificate for v4.bdd.fi has not been issued yet. Hostname = v4.bdd.fi DNS Provider = googledomains Certificate Authority = Let's Encrypt Issued = Added to App = 4 hours ago Source = fly You are creating a certificate for v4.bdd.fi We are using Let's Encrypt for this certificate. You can configure your DNS for v4.bdd.fi by: 1: Adding an CNAME record to your DNS service which reads: CNAME v4. bdd.fly.dev
For Let’s Encrypt to issue the cert, I guess you’re using DNS-01 challenge, hence the presence of
_acme-challenge CNAME I needed to define under domain apex. So it should work as I already have this—and it did work for
% dig +noall +answer txt _acme-challenge.bdd.fi _acme-challenge.bdd.fi. 4 IN CNAME bdd.fi.xdjk.flydns.net. bdd.fi.xdjk.flydns.net. 44 IN TXT "89IeLuRvCOicqMXEpS4GYOZY5BpDiyD1z2Gb8Cu2RCg"
Due to the single address family needs I cannot defined a CNAME from these subdomains to the <app>.fly.dev name, but below I verify they’re pointing to the respective addresses of the app.
% [[ $(dig +short aaaa bdd.fly.dev) == $(dig +short any v6.bdd.fi) ]] && echo same same % [[ $(dig +short a bdd.fly.dev) == $(dig +short any v4.bdd.fi) ]] && echo same same
There isn’t any logs for me to debug and understand what is not working out.
I’d appreciate any help.