How to set up a custom domain with A record?

I tried to set up a domain json.media for my app json-corp.fly.dev 2 days ago.

But it has not worked yet.

I set A/AAAA records and CNAME following the guide.

I’m not good at setting up networks. What did I do wrong?

Your DNS records are right, and it looks like you’ve issued (many) wildcard TLS certs (via Let’s Encrypt / ISRG), too.

What’s terminating TLS? Fly edge or your application?

If you’re okay, can you also share your app’s fly.toml and the language/runtime of your application?

Thanks a lot!

This is my app’s fly.toml. My app is an Elixir/Phoenix application.

# fly.toml file generated for json-corp on 2022-06-03T02:31:32+09:00

app = "json-corp"

kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
  builder = "heroku/buildpacks:20"
  buildpacks = ["https://cnb-shim.herokuapp.com/v1/hashnuke/elixir"]

[env]
  PORT = "8080"

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

fly.toml looks right to me.

Btw, did you vend those wildcard certs for json.media through flyctl? If so, the output from this cmd should show 'em:

flyctl certs show json.media -a json-corp 

I only have a cert for *.json.media. How can I vend a wildcard cert for json.media?

flyctl certs list -a json-corp

Host Name                 Added                Status
*.json.media              3 days ago           Ready

flyctl certs show "*.json.media" -a json-corp

The certificate for *.json.media has been issued.

Hostname                  = *.json.media
DNS Provider              = godaddy
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 3 days ago
Source                    = fly

Considering the domain is either set up with A/AAAA records pointing to the IPv4/IPv6 of your Fly app json-corp (which they are right now):

First:

flyctl certs create json.media -a json-corp

Later:

flyctl certs show json.media -a json-corp

Apparently should show Configured = true and Status = Ready

ref.

You should delete those wildcard certs if you don’t need 'em. They aren’t free.

flyctl certs delete "*.json.media" 

It works! Thank you 🙂

Yeah, it does work! Nice.

If you want to continue to use the wildcard cert, set up your DNS appropriately:

For ex:

# does not work because no such dns entry
curl https://random-63-chars.json.media  -v

# works because the query is resolved ahead-of-time with the right ipv4
curl https://random-63-chars.json.media --resolve 'random-63-chars.json.media:443:37.16.14.11' -v

Create a wildcard DNS entry through Fly dashboard, or if you’re ambitious, then via flyctl or Fly’s graphql endpoint.

Basically, dig random.json.media +short should return the same IPv4 as dig www.json.media +short (likewise for IPv6: dig AAAA random.json.media +short).

Or, you could delete the wildcard cert and generate just the one for www.json.media, if that makes sense?

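Added example (not part of the thread and not Fly's tooling): a TLS wildcard name such as *.json.media covers exactly one label to its left, so it covers www.json.media but not the apex json.media, which is why the apex needed its own certificate. The POSIX shell functions below check a list of hostnames against certificate names like those `flyctl certs list` prints; the function names and sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: which hostnames are not covered by a set of certificate names?
# Function names and sample values are constructed for illustration.

# cert_covers NAME HOST: succeed if certificate name NAME covers HOST.
# A leading "*." stands for exactly one non-empty DNS label.
cert_covers() {
  pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  case "$pattern" in
    '*.'*)
      suffix=${pattern#?}                 # "*.json.media" -> ".json.media"
      case "$host" in
        *"$suffix") label=${host%"$suffix"} ;;
        *) return 1 ;;                    # different domain, or the apex itself
      esac
      [ -n "$label" ] || return 1         # ".json.media" is not a hostname
      case "$label" in
        *.*) return 1 ;;                  # a.b.json.media: two labels, no match
      esac
      return 0 ;;
    *) [ "$pattern" = "$host" ] ;;        # plain name: exact match only
  esac
}

# uncovered_hosts CERT_NAMES HOST...: print each HOST no certificate covers.
# CERT_NAMES is newline-separated, one name per line.
uncovered_hosts() {
  certs=$1; shift
  for h in "$@"; do
    covered=no
    while IFS= read -r c; do
      if [ -n "$c" ] && cert_covers "$c" "$h"; then covered=yes; fi
    done <<EOF
$certs
EOF
    [ "$covered" = yes ] || printf '%s\n' "$h"
  done
}

# Constructed input: the single wildcard certificate from the thread's listing.
uncovered_hosts '*.json.media' json.media www.json.media
```

Any hostname this prints needs either its own certificate or a DNS name that fits under an existing wildcard.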