We’ve been using Fly without issues for several customers, but we have one that we can’t seem to get a certificate generated for. I verified with them that both DNS entries are active and checked myself using dig.
In the certificates view I see that the domain has been verified, but red dots next to both RSA and ECDSA. Is there any way I can debug this to see what the issue is? I’ve hit “Check Again” multiple times now.
Oh if it’s not returning anything except a red X, it means there’s not a CAA record, so it’s likely a different issue. Let me see if I can figure out what’s up.
Actually, try the hostname without the subdomain: example.com instead of security.example.com. There is a CAA record that’s preventing us from issuing the certificate.