Fly continues to serve expired cert on root domain

Tried searching the docs for a similar issue but found nothing. This was working fine then suddenly I noticed it was failing.

My app is served from www.silviogutierez.com

There’s a redirect from silviogutierrez.com to www.silviogutierrez.com

curl -X GET -i https://silviogutierrez.com
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

But curl -X GET -i https://www.silviogutierrez.com works just fine.

I have certs for both domains.

flyctl certs list
Update available 0.0.350 -> v0.0.420.
Run "flyctl version update" to upgrade.
Host Name                 Added                Status
silviogutierrez.com       22 minutes ago       Ready
www.silviogutierrez.com   8 months ago         Ready

Things I’ve tried:

1. Recreating cert
2. Restarting app
3. Re-verifying certs.

Note that I have an identical setup over at www.reactivated.io and it works just fine.

Any help or insight would be appreciated!

Hi there @Silvio_Gutierrez! It looks like your AAAA (ipv6) records for silviogutierrez.com are pointing somewhere else, not us.

# Bad
$ dig AAAA silviogutierrez.com +short
2001:4860:4802:32::15
2001:4860:4802:38::15
2001:4860:4802:36::15
2001:4860:4802:34::15

# Good
$ dig AAAA www.silviogutierrez.com +short
small-darkness-8333.fly.dev.
2a09:8280:1::21ad

This is likely the cause of your issue.

Thanks! I’ve deleted that record, and imagine you only need CNAME left. The cert has always shown up as verified though, so I’m curious why that would make a difference.