Certs not being issued for a subdomain

I’m trying to add nooray.usenoor.com to my there/nooray project but it doesn’t issue the cert for more than 30 min and I’m wondering what’s preventing it.

Tried adding/removing/re-checking multiple times. I’ve set both CNAME records in Cloudflare.

This is preventing me from using the deployment in production.

If you are using Cloudflare for DNS-only, and don’t need its proxy (for protection, WAF etc) then make sure that CNAME is a grey-cloud record (non-proxy). Orange-cloud alone won’t work as it will return the wrong IP.

If you do need to use Cloudflare’s proxy too (and so need an orange-cloud DNS record) then you will need to add an extra DNS entry for the validation to work.

You can get that DNS Validation CNAME from the Fly dashboard as I don’t think the CLI reveals it. Sign in from fly.io, click on your app, click on ‘Certificates’, and then on the ‘View’ button to see its details.

The CNAME you need to add will probably be like domain.abcd.flydns.net. That extra DNS entry must be grey-cloud (non-proxy) in Cloudflare. Meaning you can leave your subdomain CNAME orange-cloud/proxied.

That works for me anyway.

I think @greg is correct.

This comes back blank:

dig cname nooray.usenoor.com

These return Cloudflare IPs:

dig a nooray.usenoor.com
dig aaaa nooray.usenoor.com
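
Added example, not written by any poster in this thread and not Fly's or Cloudflare's code: a small classifier for the `dig +short` answers discussed above, telling apart a grey-cloud record, an orange-cloud record with a visible validation CNAME, and an orange-cloud record without one. Assumptions: the function names are hypothetical, the Cloudflare ranges are a subset of its published list, the validation target is a placeholder, and the sample answers are constructed rather than real lookups.

```python
import ipaddress

# Subset of Cloudflare's published edge ranges (cloudflare.com/ips); refresh before relying on it.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "104.16.0.0/13", "104.24.0.0/14", "172.64.0.0/13",
    "162.158.0.0/15", "188.114.96.0/20", "2606:4700::/32")]

def parse_short(output):
    """Split `dig +short` output into (CNAME targets, IP addresses)."""
    names, ips = [], []
    for token in output.split():
        try:
            ips.append(ipaddress.ip_address(token))
        except ValueError:
            names.append(token.rstrip(".").lower())
    return names, ips

def is_proxied(host_output):
    """Orange-cloud: no CNAME visible and every address belongs to Cloudflare."""
    names, ips = parse_short(host_output)
    return not names and bool(ips) and all(
        any(ip in net for net in CLOUDFLARE_NETS) for ip in ips)

def diagnose(host_output, validation_output, expected_target):
    """Classify the DNS state of a hostname that is waiting for a certificate.

    host_output:       `dig +short` A/AAAA answers for the hostname
    validation_output: `dig +short cname` answer for the validation record
    expected_target:   validation CNAME target copied from the Fly dashboard
    """
    if not host_output.strip():
        return "no-records"
    if not is_proxied(host_output):
        return "dns-only"
    names, _ = parse_short(validation_output)
    # A proxied (orange-cloud) validation record shows no CNAME, so it lands here too.
    if expected_target.rstrip(".").lower() in names:
        return "proxied-validation-ok"
    return "proxied-validation-missing"

# Constructed sample answers (not real lookups); TARGET is a placeholder value.
TARGET = "nooray.example.com.abcd.flydns.net"
GREY = "example-app.fly.dev.\n203.0.113.10\n"
ORANGE = "104.21.5.7\n172.67.140.2\n2606:4700:3030::6815:507\n"

if __name__ == "__main__":
    for host, val in ((GREY, ""), (ORANGE, ""), (ORANGE, TARGET + ".\n")):
        print(diagnose(host, val, TARGET))
```
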

I’ve since removed that as it was stuck for hours. I re-added it as nooray2.usenoor.com and it worked immediately. Figured it was just a glitch :+1:

@greg Thanks, but yeah I know that, I’ve got 5 other Fly services being handled through Cloudflare DNS. At the very first try I had forgotten to disable the orange cloud (proxy), but I quickly fixed the mistake. But then Fly would never recover, no matter if I delete, re-add, re-check, both from the UI and the CLI. I also had added the verification DNS. Nothing would make the certs be issued for that specific domain. Probably due to the failed attempt initially. Then tried with another domain and it worked within 60 seconds.
