How to get certs DNS validation target?

I want to use cloudflare to defend ddos, so I use cloudflare proxy mode. There was a problem generating the certificate.

According to the documentation, fly.io can use DNS challenge when generating certificates, but I can’t find the value that DNS challenge needs to set.

Document: SSL for Custom Domains

$ flyctl certs show example.com
...
  DNS Provider                = dnsimple
  DNS Validation Instructions = CNAME _acme-challenge.example.com => example.com.o055.flydns.net.
  DNS Validation Hostname     = _acme-challenge.example.com
  DNS Validation Target       = example.com.o055.flydns.net
...

What I get (hide domain info):

$ flyctl certs show <my-domain>
Hostname                  = <my-domain>
DNS Provider              = 
Certificate Authority     = Let's Encrypt
Issued                    = 
Added to App              = 25 minutes ago
Source                    = fly

...

You can configure your DNS for <my-domain> by:

1: Adding an CNAME record to your DNS service which reads:

    CNAME <subdomain>. <app>.fly.dev

How can I get the DNS Validation Target value? Or am I misunderstanding the DNS challenge?

I’ve done that, same as you, using the Cloudflare proxy in front of a Fly app.

Perhaps the docs are out of sync, not sure, but in the meantime you can get that DNS Validation CNAME from the Fly dashboard. Sign in from fly.io, click on your app, click on ‘Certificates’, and then on the ‘View’ button to see its details.

The CNAME you need to add will probably be like domain.abcd.flydns.net. That extra DNS entry will need to be grey-cloud (non proxy) in Cloudflare.

That’s what I need, thanks!

I found that I still need to turn off proxy mode for the domain verification to pass. I don’t know if opening the proxy later will affect the certificate renew.

Anyway, I finally created a certificate.

1 Like