ERR_SSL_PROTOCOL_ERROR using wildcard certificate

I am getting a ERR_SSL_PROTOCOL_ERROR error when I only add the wildcard domain to certificates, e.G.


The certificate is correctly issued, but when I try to access I get the ERR_SSL_PROTOCOL_ERROR.

As soon as I add as a certificate as well, it works.

Shouldn’t it work as well just with the wildcard certificate so that I don’t need to explicit add subdomains?

Just to confirm, if you do fly certs list or open the app dashboard do you see the the wildcard cert has been fully validated and issued?

Yes of course.

Unforuntately I can’t test if it works if I remove the certificate, because when I do remove it, it continues to be served under

I can confirm that I’m seeing the same thing. I only have a single certificate for the app so:
fly -a app-name certs list

Host Name                 Added                Status
*              1 day ago            Ready

And the certificate is verified and ready when the app is viewed in the app dashboard.

Opening the site on a browser gives ERR_SSL_PROTOCOL_ERROR

I’ve found the solution to my particular issue:

I had only added the certificate ‘*’ whereas I needed to add a ‘’ certificate as well to serve the apex domain as https.

Without the ‘’ certificate browsing to ‘’ returns the ERR_SSL_PROTOCOL_ERROR.

Thanks, but I think the error is different in my case, as I am not using an APEX domain but an actual subdomain instead, e.G. which in theory should be covered correctly by the wildcard *

Wildcard certificates only cover one level of subdomain, so * would cover but not

Wildcard certificate - Wikipedia


Thanks @charsleysa, that makes sense and I think I actually run into this before as well but didn’t think about it.

I have added the other wildcard domain now, e.G. * but again unfortunately I am unable to test if it works as removing the certificate from the fly dashboard doesn’t actually remove it from being served by the application/proxy. @sudhir.j this might be a bug worth to investigate?