How to get certs DNS validation target?

I want to use cloudflare to defend ddos, so I use cloudflare proxy mode. There was a problem generating the certificate.

According to the documentation, can use DNS challenge when generating certificates, but I can’t find the value that DNS challenge needs to set.

Document: SSL for Custom Domains

$ flyctl certs show
  DNS Provider                = dnsimple
  DNS Validation Instructions = CNAME =>
  DNS Validation Hostname     =
  DNS Validation Target       =

What I get (hide domain info):

$ flyctl certs show <my-domain>
Hostname                  = <my-domain>
DNS Provider              = 
Certificate Authority     = Let's Encrypt
Issued                    = 
Added to App              = 25 minutes ago
Source                    = fly


You can configure your DNS for <my-domain> by:

1: Adding an CNAME record to your DNS service which reads:

    CNAME <subdomain>. <app>

How can I get the DNS Validation Target value? Or am I misunderstanding the DNS challenge?

I’ve done that, same as you, using the Cloudflare proxy in front of a Fly app.

Perhaps the docs are out of sync, not sure, but in the meantime you can get that DNS Validation CNAME from the Fly dashboard. Sign in from, click on your app, click on ‘Certificates’, and then on the ‘View’ button to see its details.

The CNAME you need to add will probably be like That extra DNS entry will need to be grey-cloud (non proxy) in Cloudflare.

That’s what I need, thanks!

I found that I still need to turn off proxy mode for the domain verification to pass. I don’t know if opening the proxy later will affect the certificate renew.

Anyway, I finally created a certificate.

1 Like