Hello Fly team,
Our company has made a bufferbloat test tool, and we are using your services for latency testing. Our setup is as follows:
We have a node app running at: https://waveform-sjc-speed-0.fly.dev/
This is a very simple API for downloading 0-filled files at various sizes. The api is as follows
This will download a 1000 byte text file filled with 0’s.
We have set up a proxied CNAME record on cloudflare that points to the fly node:
We’re pointing speedtest-cX.waveform.com to this, where X goes from 0 to 5.
And to use https , we’ve set up certificates like so:
We also have a cron job renewing these certificates once every two months.
Our problem is that once the certificates renew, the cloudflare proxy keeps serving the old SSL certificate, and once the old certificate expires, the new certificates keep staying in the “Not Verified” state.
The way we get the new certificates to be verified is to turn off the proxy status on cloudflare, and keep hitting the speedtest-cx domains until it stops showing SSL handshake errors. Then turning on the proxy again on cloudflare.
Our goal is to have this certificate renewal be fully automated. What can we do here to fix this? We suspect that the problem could be with the way fly.io verifies certificates.