How to set up a custom domain with an A record?

I tried to set up a domain for my app 2 days ago.

But it has not worked yet.

I set A/AAAA records and CNAME following the guide.

I’m not good at setting up networks. What did I do wrong?

Your DNS records are right, and it looks like you’ve issued (many) wildcard TLS certs (via Let’s Encrypt / ISRG), too.

What’s terminating TLS? Fly edge or your application?

If you’re okay, can you also share your app’s fly.toml and the language/runtime of your application?

Thanks a lot!

This is my app’s fly.toml. My app is an elixir/phoenix application

# fly.toml file generated for json-corp on 2022-06-03T02:31:32+09:00

app = "json-corp"

kill_signal = "SIGINT"
kill_timeout = 5
processes = []

[build]
  builder = "heroku/buildpacks:20"
  buildpacks = [""]

[env]
  PORT = "8080"

[experimental]
  allowed_public_ports = []
  auto_rollback = true

[[services]]
  http_checks = []
  internal_port = 8080
  processes = ["app"]
  protocol = "tcp"
  script_checks = []

  [services.concurrency]
    hard_limit = 25
    soft_limit = 20
    type = "connections"

  [[services.ports]]
    force_https = true
    handlers = ["http"]
    port = 80

  [[services.ports]]
    handlers = ["tls", "http"]
    port = 443

  [[services.tcp_checks]]
    grace_period = "1s"
    interval = "15s"
    restart_limit = 0
    timeout = "2s"

fly.toml looks right to me.

Btw, did you vend those wildcard certs for through flyctl? If so, the output from this cmd should show 'em:

flyctl certs show -a json-corp 

I only have a cert for * How can I vend wildcard cert for

flyctl certs list -a json-corp

Host Name                 Added                Status
*              3 days ago           Ready

flyctl certs show "*" -a json-corp

The certificate for * has been issued.

Hostname                  = *
DNS Provider              = godaddy
Certificate Authority     = Let's Encrypt
Issued                    = rsa,ecdsa
Added to App              = 3 days ago
Source                    = fly

Considering the domain is either set up with A/AAAA records pointing to the IPv4/IPv6 of your Fly app json-corp (which they are right now):


flyctl certs create -a json-corp


flyctl certs show -a json-corp

Apparently should show Configured = true and Status = Ready


You should delete those wildcard certs if you don’t need 'em. They aren’t free.

flyctl certs delete "*" 
1 Like

It works! Thank you 🙂

Yeah, it does work! Nice.

If you want to continue to use the wildcard cert, set up your DNS appropriately:

For ex:

# does not work because no such dns entry
curl  -v

# works because the query is resolved ahead-of-time with the right ipv4
curl --resolve '' -v

Create a wildcard DNS entry through Fly dashboard, or if you’re ambitious, then via flyctl or Fly’s graphql endpoint.

Basically, dig +short should return the same IPv4 as dig +short (likewise for IPv6: dig AAAA +short).

Or, you could delete the wildcard cert and generate just the one for, if that makes sense?

1 Like
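
The two conditions this thread keeps coming back to (a certificate whose name covers the hostname, and A/AAAA records for that hostname that point at the app), as an added Python example that is not code from the thread or from Fly. `example.com`, the addresses, and the function names are placeholders constructed for illustration; the wildcard rule used is the standard one where `*` stands for exactly one left-most label.

```python
# Added example with constructed data; example.com and all addresses are placeholders.

def cert_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or '*.' wildcard) is valid for host."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if cert_labels[0] != "*":
        return cert_labels == host_labels
    # The wildcard replaces exactly one left-most label, so label counts must
    # match: the bare domain and deeper subdomains are not covered.
    return (len(cert_labels) == len(host_labels)
            and cert_labels[1:] == host_labels[1:])


def diagnose(host, cert_names, dns_answers, app_ips):
    """Return the reasons https://host would fail; an empty list means none found."""
    problems = []
    if not any(cert_covers(name, host) for name in cert_names):
        problems.append("no certificate covers " + host)
    answers = dns_answers.get(host, set())
    if not answers:
        problems.append("no A/AAAA record for " + host)
    elif not answers <= app_ips:
        problems.append(host + " resolves outside the app's addresses")
    return problems


# Constructed inputs: the app's addresses as the platform would list them,
# and per-host answers as `dig +short` / `dig AAAA +short` would return them.
APP_IPS = {"203.0.113.10", "2001:db8::10"}
DNS = {
    "example.com": {"203.0.113.10", "2001:db8::10"},
    "www.example.com": {"203.0.113.10"},
    "old.example.com": {"198.51.100.7"},
}
WILDCARD_ONLY = ["*.example.com"]
WITH_BARE_DOMAIN = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for host in ("example.com", "www.example.com", "api.example.com", "old.example.com"):
        print(host, diagnose(host, WILDCARD_ONLY, DNS, APP_IPS))
    print("example.com", diagnose("example.com", WITH_BARE_DOMAIN, DNS, APP_IPS))
```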