/.well-known/acme-challenge/<token> requests look like LetsEncrypt HTTP-01 challenge, which we don’t do.
Fly uses either TLS-ALPN-01 challenge (handled transparently by fly-proxy) or DNS-01 challenge, for which you need to setup the _acme-challenge CNAME record.
So looks like something else is trying to issue a certificate for this domain using HTTP-01 challenge.
I have the same problem. Every ~10 seconds waarisdekermis.nl is receiving a GET /.well-known/acme-challenge/... request.
Everythin is green in the certificates section in the dashboard. I’m running a simple Remix app with a Supabase backend. Any idea what could send these requests?
When removing the certificate via “fly certs remove” the regular requests stop
That’s right. If you remove the certificate, fly-proxy no longer has a record that www.sharepad.de belongs to your app. Since you are using shared IPv4 there is no way for fly-proxy to know how to route requests for this domain name over IPv4 (since multiple apps share the same IPv4 address) so they get dropped. Dedicate IPv4/IPv6 should continue to work, though.
In the Fly Dashboard (!) I get the following error message:
Yes, this is only required for DNS-01 LetsEncrypt challenge. For example, if you want to assign a custom domain name before you even deploy your app for the first time. By creating this CNAME, you prove that you own the domain name and LetsEncrypt can issue a certificate. If the app is already deployed (like in your case), fly-proxy handles TLS-ALPN-01 LetsEncrypt challenge transparently without any additional configuration.
