Hey!
I have a certificate which is currently marked as Verified in the https://fly.io/apps/<app>/certificates view; however, neither of the certificate types has been issued. (I’d left them for about 12 hours to no avail, and several follow-up attempts this morning have also failed.)
I have been able to successfully add and verify a second-level domain. So this seems isolated to subdomains, but it might also be the fact that this is a subdomain of a subdomain that itself is DNS zoned to Fly’s DNS servers (created via flyctl domain add).
I recognize that these processes can have edge cases, so it’s worth throwing a couple of my potential gotchas:
- DNS on Fly: As noted above, my TLD DNS is through Google Cloud DNS (through Google Domains), though I’ve delegated my NS for a particular subdomain to a Fly zone (that I created with flyctl domain add <subdomain>), so I can control the DNS through Fly directly.
- Lot’o’Dots: I’ve got a few levels deep of subdomains going on at the moment. The subdomain that I’m delegating to Fly is already third.second.top and I’m requesting a certificate for a fifth.fourth.third.second.top domain. I seem to have eliminated just too-many-nested levels as a problem by using another domain that’s not on Fly DNS but equally as deep, so I don’t think this is it; just flagging this!
- App vs Domain? The DNS records I’m creating per the validation instructions for a particular app are going into the subdomain’s zone. I don’t think they’re associated with a particular app (and I think that’s by design? I don’t think Fly needs a direct domain attachment to an app, right?)
Screenshots, though I’m not sure how valuable they are — mostly noting that it shows “Verified”. In terms of the “Confirm domain ownership” step — I’m not sure if the yellow-dot is meant to indicate that the configuration isn’t detected or not, but a dig would seem to indicate that it’s matching, including the trailing “.”.
Just in case support is tempted to poke at the 1g2wo here, I’ve deleted and recreated so I’m onto a different domain now.
In all cases, I’ve validated that the _acme_challenge is resolving correctly. I’ve tried both creating CNAME records to the [fqdn].[5-char-rando-thing].flydns.net domain as well as an alternative approach to creating A / AAAA records from [fqdn]. that point directly to my app’s IPs — also to no avail.
Of course, I could totally be doing something wrong.
Thoughts?