`fly certs show` does not show DNS configuration

When I enter the following from my command line:

$ fly certs show "*.terminalwire.sh"
The certificate for *.terminalwire.sh has been issued.

Hostname                  = *.terminalwire.sh
DNS Provider              = enom
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 58 minutes ago
Source                    = fly

I expect to see the A, AAAA, and CNAME records needed to configure DNS, but I do not. Could you please add these to the CLI?

Simply create a CNAME record that points to your fly.dev host; that’s all you need.

If your DNS manager is picky and forces you to use A/AAAA records, you can do that as well. More info here: Custom domains · Fly Docs

(Pay attention to this section in case it fits your situation: Custom domains · Fly Docs)

There’s no CNAME record for the wildcard domain I’m working with, *.terminalwire.sh:

The A and AAAA records aren’t picked up either:

Here are my settings, as configured with my DNS provider:

And here’s the certificate one more time:

terminalwire/server [main] → fly certs show "*.terminalwire.sh"
The certificate for *.terminalwire.sh has been issued.

Hostname                  = *.terminalwire.sh
DNS Provider              = enom
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 17 hours ago
Source                    = fly

When I try to resolve a subdomain, it doesn’t get an answer:

terminalwire/server [main] → dig trmnl.terminalwire.sh @1.1.1.1

; <<>> DiG 9.10.6 <<>> trmnl.terminalwire.sh @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29977
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;trmnl.terminalwire.sh.		IN	A

;; AUTHORITY SECTION:
terminalwire.sh.	3601	IN	SOA	dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1737673042 43200 3600 604800 3601

;; Query time: 32 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Jan 24 08:33:58 PST 2025
;; MSG SIZE  rcvd: 123

Here’s a trace:


; <<>> DiG 9.10.6 <<>> trmnl.terminalwire.sh @1.1.1.1 +trace
;; global options: +cmd
.			514192	IN	NS	a.root-servers.net.
.			514192	IN	NS	b.root-servers.net.
.			514192	IN	NS	c.root-servers.net.
.			514192	IN	NS	d.root-servers.net.
.			514192	IN	NS	e.root-servers.net.
.			514192	IN	NS	f.root-servers.net.
.			514192	IN	NS	g.root-servers.net.
.			514192	IN	NS	h.root-servers.net.
.			514192	IN	NS	i.root-servers.net.
.			514192	IN	NS	j.root-servers.net.
.			514192	IN	NS	k.root-servers.net.
.			514192	IN	NS	l.root-servers.net.
.			514192	IN	NS	m.root-servers.net.
.			514192	IN	RRSIG	NS 8 0 518400 20250206050000 20250124040000 26470 . afC74thx+7CsSDKncMo07iN03wryBeSaNkY0+MFYPPVp2pwM2tntWk9M 7ynyr3oTAwhkXOXtOzCXYe1b4cjjwJxTLdUHYD5sYMKtS8n9TAWlSxuc JK0Ogabn12H2jwLUjiBYbp0r8lJD+zkNTk6VRH+KDmWvQXrD5W0XFRBL KIHKcBixaAURtnbXicjR8BNcrY3UEqn8T0PWrz9rVt/712kRGMZa7di5 1offAReLX/qsBqGyYAG2XsC95St8e2ZNrsuVbi9VMxVsSfi4yvWgYg19 dGvpK3r1OhVh/CjovaIbAvlCptitHd24LhNl8INjjq4emupxZ06G7sPZ +xEI/Q==
;; Received 525 bytes from 1.1.1.1#53(1.1.1.1) in 34 ms

sh.			172800	IN	NS	a0.nic.sh.
sh.			172800	IN	NS	c0.nic.sh.
sh.			172800	IN	NS	b0.nic.sh.
sh.			172800	IN	NS	a2.nic.sh.
sh.			86400	IN	DS	55297 8 2 BA339AD6E081DAD292A3F473CBDD5ADC53A0222769A7C6125F506DD6 A813787F
sh.			86400	IN	RRSIG	DS 8 1 86400 20250206050000 20250124040000 26470 . Tpg6p8GHdLUFbCdi7cx0UlXNiIusAnXmywFMtqlITId3iHKwMzIaJZS/ HUAhjibV7zV85g1tZ/pahHIEO8xdzxsx0CodTBqlZAiiOHZ3gsupmkNT fCGk5NXK3KHDm5wWfZ21aiSBDzIXV+zone/IM8r9DFUC4QW5fhneytCR xnLE/pRTLWyfNihrs3nTgCAEqsIVzZEZtI9gaapOopNOBSU0VvkM9jOV x+x0oAA95JAVbDtmURI93p8tS/wc1CXcONPuDWkBT9J6eWxPtM07YMlW +2lHD8aRxGa9tYp28weFM1V4M7mbcS5/dlnT0XkM3DWHPKnd9G8RoYa0 O7suOA==
;; Received 637 bytes from 2001:500:12::d0d#53(g.root-servers.net) in 103 ms

terminalwire.sh.	3600	IN	NS	dns1.registrar-servers.com.
terminalwire.sh.	3600	IN	NS	dns2.registrar-servers.com.
urlg1ms0tecs1d3kstght8m8vlutp58d.sh. 3600 IN NSEC3 1 1 0 73 USM2DOA3UP6AFG0IJ0ON0S5IG4B70AK1  NS SOA RRSIG DNSKEY NSEC3PARAM
urlg1ms0tecs1d3kstght8m8vlutp58d.sh. 3600 IN RRSIG NSEC3 8 2 3600 20250214162955 20250124152955 35130 sh. NA6NbLSyT580fuZvV6QNOMYpb40dR3aWkreI65Ec+O/vOU47rkntmRvC mPv49SPGC4REZ+1Bh/yzjnX+vpxzlYxDaFZ0gwI5CPPO67QVw6uzf9+2 wa01X1+UlMylQvIjt4vddJhB32iDxBnYv/ZUHqPz2rto4YjqGYsdfKpP Lpg=
pg0naqdf18rrelf1j2593mvii34p4uoc.sh. 3600 IN NSEC3 1 1 0 73 PGP4JQN8JID47PNA0TDPGCH9PQ88JHKQ  NS DS RRSIG
pg0naqdf18rrelf1j2593mvii34p4uoc.sh. 3600 IN RRSIG NSEC3 8 2 3600 20250207160400 20250117150400 35130 sh. C9sspGORGWTQw2paP8ec6iqyheXmcx3wM5hj3LFx4Z9/mj/q1TbELWCP YqaNKBZU1OMXhH/7D22OnfMvqVZiIWjN578pT/Vwj+hcg/Z+oU39futg RKJRKFrQGHiSDG6L6r/eoCaw+yn4CuIbaRNgH9nCpAvhdEL/w42LzpKg sL8=
;; Received 594 bytes from 65.22.161.9#53(b0.nic.sh) in 82 ms

terminalwire.sh.	3601	IN	SOA	dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1737673042 43200 3600 604800 3601
;; Received 123 bytes from 156.154.133.200#53(dns2.registrar-servers.com) in 19 ms

Note that I have a certificate, terminalwire.sh, for non-sub-domains:

terminalwire/server [main] → fly certs show terminalwire.sh
The certificate for terminalwire.sh has been issued.

Hostname                  = terminalwire.sh
DNS Provider              = enom
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 1 month ago
Source                    = fly

That shouldn’t be conflicting, but it might be germane to this thread if it is.

Ok I think I figured it out—I added * A and AAAA records to my registrar and the subdomains now resolve.

The Fly Certificates dashboard is broken, at least for sub-domains. It should show a * value for host. Currently it’s blank.

Please fix the dashboard and consider showing the same data when I run fly certs show $HOST.
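
Added example, not part of the original thread: a shell function that classifies `dig` output the way it was read by hand above, where an issued wildcard certificate coexisted with an NXDOMAIN answer until `*` A and AAAA records were added. The names `dig_diagnose`, `sample_nxdomain` and `sample_resolved` are hypothetical; the first sample is trimmed from the response quoted in the thread and the second is constructed with reserved documentation names and addresses.

```shell
#!/bin/sh
# Classify dig's text output read from stdin; prints one summary line.
dig_diagnose() {
  awk '
    /->>HEADER<<-/ {                       # header line carries the RCODE
      for (i = 1; i < NF; i++)
        if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
    }
    /^;; [A-Z]+ SECTION:/ { section = $2; next }
    /^;/ || NF == 0 { next }               # skip comments and blank lines
    section == "ANSWER" && $4 ~ /^(A|AAAA|CNAME)$/ { answers++ }
    section == "AUTHORITY" && $4 == "SOA" { zone = $1 }
    END {
      if (status == "NXDOMAIN")
        print "NXDOMAIN in zone " zone " (no exact or wildcard record covers this name)"
      else if (status == "NOERROR" && answers > 0)
        print "RESOLVES answers=" answers
      else if (status == "NOERROR")
        print "NODATA: name exists but has no record of the queried type"
      else
        print "ERROR status=" status
    }'
}

# Constructed sample 1: trimmed from the NXDOMAIN response quoted in the thread.
sample_nxdomain() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29977
;; QUESTION SECTION:
;trmnl.terminalwire.sh.    IN  A

;; AUTHORITY SECTION:
terminalwire.sh. 3601 IN SOA dns1.registrar-servers.com. hostmaster.registrar-servers.com. 1737673042 43200 3600 604800 3601
EOF
}

# Constructed sample 2: a resolving name (documentation-only name and address).
sample_resolved() {
  cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; ANSWER SECTION:
app.example.test. 300 IN A 192.0.2.10
EOF
}

sample_nxdomain | dig_diagnose
sample_resolved | dig_diagnose
```

Against a live resolver the same check is `dig trmnl.terminalwire.sh @1.1.1.1 | dig_diagnose`; an NXDOMAIN result means the zone has neither the exact name nor a `*` record, regardless of what certificate has been issued.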
