Your DNS records are right, and looks like you’ve issued (many) wildcard TLS certs (via Lets Encrypt / ISRG), too.
What’s terminating TLS? Fly edge or your application?
- If you’ve generated the TLS certs for
json.mediaoutside of Fly, then your application needs to terminate TLS itself. - Or, if TLS certs for
json.mediaare managed viaflyctl, then things should work out-of-the-box but your application cannot possibly terminate TLS (only Fly edge can). Your app needs to then accept plaintext traffic.
If you’re okay, can you also share your app’s fly.toml and the language/runtime of your application?