I’m trying to add two more certificates to my app for IPv4-only and IPv6-only hostnames.
Let’s assume I have a good reason to do this because the only control I have
over clients is the name they hit.
While the “v6” one succeeded without any fuss, the “v4” one is still waiting to be issued.
I tried deleting it and adding it again (hence the difference of 1 hour between them).
% flyctl certs show v6.bdd.fi -a bdd
The certificate for v6.bdd.fi has been issued.
Hostname = v6.bdd.fi
DNS Provider = googledomains
Certificate Authority = Let's Encrypt
Issued = ecdsa,rsa
Added to App = 5 hours ago
Source = fly
% flyctl certs show v4.bdd.fi -a bdd
The certificate for v4.bdd.fi has not been issued yet.
Hostname = v4.bdd.fi
DNS Provider = googledomains
Certificate Authority = Let's Encrypt
Issued =
Added to App = 4 hours ago
Source = fly
You are creating a certificate for v4.bdd.fi
We are using Let's Encrypt for this certificate.
You can configure your DNS for v4.bdd.fi by:
1: Adding an CNAME record to your DNS service which reads:
CNAME v4. bdd.fly.dev
For Let’s Encrypt to issue the cert, I guess you’re using the DNS-01 challenge, hence the presence of the _acme-challenge CNAME I needed to define under the domain apex. So it should work as I already have this, and it did work for v6.bdd.fi.
% dig +noall +answer txt _acme-challenge.bdd.fi
_acme-challenge.bdd.fi. 4 IN CNAME bdd.fi.xdjk.flydns.net.
bdd.fi.xdjk.flydns.net. 44 IN TXT "89IeLuRvCOicqMXEpS4GYOZY5BpDiyD1z2Gb8Cu2RCg"
Due to the single address family needs, I cannot define a CNAME from these subdomains to the <app>.fly.dev name, but below I verify they’re pointing to the respective addresses of the app.
% [[ $(dig +short aaaa bdd.fly.dev) == $(dig +short any v6.bdd.fi) ]] && echo same
same
% [[ $(dig +short a bdd.fly.dev) == $(dig +short any v4.bdd.fi) ]] && echo same
same
There aren’t any logs for me to debug and understand what is not working out.
I’d appreciate any help.