It looks like SSL certificate for *.fly.dev domain was not renewed, now it’s less than 2 weeks left…
Could somebody from the fly team look into this?
* Server certificate:
* subject: CN=*.fly.dev
* start date: Jan 22 23:19:23 2023 GMT
* expire date: Apr 22 23:19:22 2023 GMT
April 10, 2023, 3:00pm
Given the duration (90 days) I would
guess it’s a Let’s Encrypt one. So it’s possible it has been renewed but it’s still using a cached one:
We renew them 30 days early, but our edge caches may keep using the previous one until ~7 days before it expires. If you run fly certs show <hostname> you should see what the most up to date version we have is.
However yes, it’s worth flagging just in case there is any issue with auto-renewing that one.
Thanks you pointed me to the issue, and
@jerome said there were a bug.
Could this be the same or another bug?
April 10, 2023, 3:16pm
This is probably just a cached cert issue. Two weeks is plenty. We should have updated this 2 weeks ago but that’s part of why we have this buffer.
I use my own monitoring solution, that is also checking 2 weeks SSL expiration (among other things), and few of its instances is pinging each other.
So I catched that.
April 11, 2023, 7:12pm
Hi guys, new here, so please bear with me. I am not sure if it’s related (probably not, as the certificate is valid now), but some of the users of my app get a malicious website notification in their browser. Does that have anything to do with the reputation of the
fly.dev domain (I am not using a custom domain), or what could be the issue here?
April 11, 2023, 7:18pm
fly.dev is in the public suffix list, so the services that mark things “malicious” should treat
example.fly.dev as entirely different domains.
There are bad services that don’t respect this though. What I would do is get as many details as possible on the error, try to figure out if it’s domain or IP address related, and then consider:
Adding a dedicated IP (shared IPs are prone to these alerts) with
fly ips allocate-v4
Using a customer domain + certificate
I think doing both of those will clear those warnings up, even for the subpar services.
April 11, 2023, 7:28pm
Thank you very much! I calmed everyone down by showing them that everything seems secure and I’ll look into whether I need to follow your suggestions or people can just ignore the message.
April 18, 2023, 7:29pm
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.